diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 0cbbf0594..f03d3dc1a 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -129,7 +129,8 @@ so-filebeat: {% for module in THIRDPARTY.modules.keys() %} {% for submodule in THIRDPARTY.modules[module] %} {% if THIRDPARTY.modules[module][submodule].enabled and THIRDPARTY.modules[module][submodule]["var.syslog_port"] is defined %} - - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/{{ THIRDPARTY.modules[module][submodule]["var.input"] }} + - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/tcp + - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/udp {% endif %} {% endfor %} {% endfor %} diff --git a/salt/filebeat/thirdpartydefaults.yaml b/salt/filebeat/thirdpartydefaults.yaml index 1b378f84b..112ed6d6c 100644 --- a/salt/filebeat/thirdpartydefaults.yaml +++ b/salt/filebeat/thirdpartydefaults.yaml @@ -42,39 +42,32 @@ third_party_filebeat: cef: log: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9003 checkpoint: firewall: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9505 cisco: asa: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9001 ftd: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9003 ios: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9002 nexus: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9506 meraki: enabled: false - var.input: udp var.syslog_host: 0.0.0.0 var.syslog_port: 9525 umbrella: