# Module: cisco # Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cisco.html - module: cisco asa: enabled: true # Set which input to use between syslog (default) or file. #var.input: syslog # The interface to listen to UDP based syslog traffic. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. #var.syslog_host: localhost # The UDP port to listen for syslog traffic. Defaults to 9001. #var.syslog_port: 9001 # Set the log level from 1 (alerts only) to 7 (include all messages). # Messages with a log level higher than the specified will be dropped. # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html #var.log_level: 7 # Set internal security zones. used to override parsed network.direction # based on zone egress and ingress #var.internal_zones: [ "Internal" ] # Set external security zones. used to override parsed network.direction # based on zone egress and ingress #var.external_zones: [ "External" ] ftd: enabled: true # Set which input to use between syslog (default) or file. #var.input: syslog # The interface to listen to UDP based syslog traffic. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. #var.syslog_host: localhost # The UDP port to listen for syslog traffic. Defaults to 9003. #var.syslog_port: 9003 # Set the log level from 1 (alerts only) to 7 (include all messages). # Messages with a log level higher than the specified will be dropped. # See https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs-sev-level.html #var.log_level: 7 # Set internal security zones. used to override parsed network.direction # based on zone egress and ingress #var.internal_zones: [ "Internal" ] # Set external security zones. used to override parsed network.direction # based on zone egress and ingress #var.external_zones: [ "External" ] ios: enabled: true # Set which input to use between syslog (default) or file. #var.input: syslog # The interface to listen to UDP based syslog traffic. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. #var.syslog_host: localhost # The UDP port to listen for syslog traffic. Defaults to 9002. #var.syslog_port: 9002 # Set custom paths for the log files when using file input. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: nexus: enabled: true # Set which input to use between udp (default), tcp or file. # var.input: udp # var.syslog_host: localhost # var.syslog_port: 9506 # Set paths for the log files when file input is used. # var.paths: # Toggle output of non-ECS fields (default true). # var.rsa_fields: true # Set custom timezone offset. # "local" (default) for system timezone. # "+02:00" for GMT+02:00 # var.tz_offset: local meraki: enabled: true # Set which input to use between udp (default), tcp or file. # var.input: udp # var.syslog_host: localhost # var.syslog_port: 9525 # Set paths for the log files when file input is used. # var.paths: # Toggle output of non-ECS fields (default true). # var.rsa_fields: true # Set custom timezone offset. # "local" (default) for system timezone. # "+02:00" for GMT+02:00 # var.tz_offset: local umbrella: enabled: true #var.input: aws-s3 # AWS SQS queue url #var.queue_url: https://sqs.us-east-1.amazonaws.com/ID/CiscoQueue # Access ID to authenticate with the S3 input #var.access_key_id: 123456 # Access key to authenticate with the S3 input #var.secret_access_key: PASSWORD # The duration that the received messages are hidden from ReceiveMessage request #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted #var.api_timeout: 120s amp: enabled: true # Set which input to use between httpjson (default) or file. #var.input: httpjson # The API URL #var.url: https://api.amp.cisco.com/v1/events # The client ID used as a username for the API requests. #var.client_id: # The API key related to the client ID. #var.api_key: # How far to look back the first time the module is started. Expects an amount of hours. #var.first_interval: 24h # Overriding the default request timeout, optional. #var.request_timeout: 60s