Filebeat Module - Change the filebeat.yml

2025-12-06 17:22:49 +01:00 · 2018-10-16 10:20:00 -04:00
parent 66d2a7db94
commit ff98cdb30b
1 changed files with 19 additions and 23 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -8,32 +8,28 @@ filebeat.modules:
 filebeat.prospectors:
 #------------------------------ Log prospector --------------------------------
-{%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %}}
+{%- for LOGNAME in salt['pillar.get']('brologs:enabled', '')  %}
- type: log
+  - type: log
-  enabled: true
+    paths:
-  paths:
+      - /nsm/bro/spool/{{ LOGNAME }}.log
-    - /nsm/bro/spool/{{ LOGNAME }}.log
+    fields:
-  tags: ["bro_{{ LOGNAME }}"]
+      type: bro_{{ LOGNAME }}
-  exclude_files: ['.gz$']
+    fields_under_root: true
    tags: ["bro"]
    clean_removed: false
    close_removed: false
 {%- endfor %}
- type: log
+  - type: log
-
+    paths:
-  # Change to true to enable this prospector configuration.
+      - /suricata/eve.json
-  enabled: true
+    fields:
-
+      type: snort
-  # Paths that should be crawled and fetched. Glob based paths.
+    fields_under_root: true
-  # To fetch all ".log" files from a specific level of subdirectories
+    tags: ["ids"]
-  # /var/log/*/*.log can be used.
+    clean_removed: false
-  # For each file found under this path, a harvester is started.
+    close_removed: false
  # Make sure not file is defined twice as this can lead to unexpected behaviour.
  paths:
    - /suricata/eve.json
  tags: ids
    #- c:\programdata\elasticsearch\logs\*
  exclude_files: ['.gz$']
 #----------------------------- Logstash output ---------------------------------