Filebeat - Modify config for Wazuh alerts

2025-12-06 17:22:49 +01:00 · 2018-12-10 19:50:55 +00:00
parent cb68f502ee
commit e70db05a0f
1 changed files with 4 additions and 3 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -1,6 +1,7 @@
 {%- set MASTER = grains['master'] %}
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
 {%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
+{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh_enabled', '1') %}

 name: {{ HOSTNAME }}

@@ -36,16 +37,16 @@ filebeat.prospectors:
    clean_removed: false
    close_removed: false

+{%- if WAZUHENABLED != '1' %}
  - type: log
    paths:
-      - /alerts/alerts.json
+      - /wazuh/alerts/alerts.json
    fields:
      type: ossec
    fields_under_root: true
    clean_removed: false
    close_removed: false
-
-
+{%- endif %}

 #----------------------------- Logstash output ---------------------------------
 output.logstash: