{%- set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
{% set ZEEKLOGLOOKUP = {
    'conn': 'connection',
} %}

securityonion_filebeat:
  modules:
    elasticsearch:
      server:
        enabled: true
        var.paths: ["/logs/elasticsearch/*.log"]
    kibana:
      log:
        enabled: true
        var.paths: ["/logs/kibana/kibana.log"]
    logstash:
      log:
        enabled: true
        var.paths: ["/logs/logstash.log"]
    redis:
      log:
        enabled: true
        var.paths: ["/logs/redis.log"]
      slowlog:
        enabled: false