diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 8f053a42b..15317921e 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -14,7 +14,7 @@ filebeat.prospectors:
 {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %}
 - type: log
 paths:
- - /nsm/bro/spool/{{ LOGNAME }}.log
+ - /nsm/bro/logs/current/{{ LOGNAME }}.log
 fields:
 type: bro_{{ LOGNAME }}
 fields_under_root: true
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index fcac162cd..6fb65bd63 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -59,7 +59,7 @@ so-filebeat:
 - binds:
 - /opt/so/log/filebeat:/var/log/filebeat:rw
 - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- - /nsm/bro/spool/manager:/nsm/bro/spool:ro
+ - /nsm/bro:/nsm/bro:ro
 - /opt/so/log/suricata:/suricata:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
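Review bot: The new prospector path `/nsm/bro/logs/current/{{ LOGNAME }}.log` is a container-side path that only resolves while salt/filebeat/init.sls binds that directory at the same location, and nothing in the template records this dependency. Filebeat does not, as far as I know, fail when a configured path matches no file, so a later change to the bind would stop Bro log shipping without any error. A comment above `paths:` would make the coupling visible, for example `# container path; must match the /nsm/bro bind in salt/filebeat/init.sls`. The for loop opened in this hunk closes outside it.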
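Review bot: The new bind `- /nsm/bro:/nsm/bro:ro` exposes the whole Bro tree to the so-filebeat container, while the prospector in salt/filebeat/etc/filebeat.yml only reads `/nsm/bro/logs/current/*.log`. Read-only prevents tampering, but everything else stored under /nsm/bro becomes readable by the log shipper, so the mount should be no wider than what is read. If `logs/current` is a real directory, `- /nsm/bro/logs/current:/nsm/bro/logs/current:ro` is sufficient. If it is a symlink into the spool directory (common with BroControl, confirm on a sensor), bind the logs and spool directories separately instead of their parent. The so-filebeat state starts and ends outside this hunk.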