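# Module: zeek
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zeek.html
#
# Each fileset below tails one Zeek log under /nsm/zeek/logs/current.
# Filesets with "enabled: false" are not collected, so their events are
# not available downstream for detection or investigation.

- module: zeek
  capture_loss:
    enabled: false
    var.paths: ["/nsm/zeek/logs/current/capture_loss.log"]
  connection:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/conn.log"]
  dce_rpc:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/dce_rpc.log"]
  dhcp:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/dhcp.log"]
  dnp3:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/dnp3.log"]
  dns:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/dns.log"]
  dpd:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/dpd.log"]
  files:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/files.log"]
  ftp:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/ftp.log"]
  http:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/http.log"]
  intel:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/intel.log"]
  irc:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/irc.log"]
  kerberos:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/kerberos.log"]
  modbus:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/modbus.log"]
  mysql:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/mysql.log"]
  notice:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/notice.log"]
  ntlm:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/ntlm.log"]
  ocsp:
    enabled: true
    # The path must match the file name Zeek writes (ocsp.log); a
    # misspelled path makes the fileset tail a file that never exists,
    # and the resulting gap in telemetry raises no error.
    var.paths: ["/nsm/zeek/logs/current/ocsp.log"]
  pe:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/pe.log"]
  radius:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/radius.log"]
  rdp:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/rdp.log"]
  rfb:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/rfb.log"]
  signature:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/signature.log"]
  sip:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/sip.log"]
  smb_cmd:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/smb_cmd.log"]
  smb_files:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/smb_files.log"]
  smb_mapping:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/smb_mapping.log"]
  smtp:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/smtp.log"]
  snmp:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/snmp.log"]
  socks:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/socks.log"]
  ssh:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/ssh.log"]
  ssl:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/ssl.log"]
  stats:
    enabled: false
    var.paths: ["/nsm/zeek/logs/current/stats.log"]
  syslog:
    enabled: false
    var.paths: ["/nsm/zeek/logs/current/syslog.log"]
  traceroute:
    enabled: false
    # Single ".log" suffix, consistent with every other fileset path, so
    # the path is already correct if this fileset is enabled later.
    var.paths: ["/nsm/zeek/logs/current/traceroute.log"]
  tunnel:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/tunnel.log"]
  weird:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/weird.log"]
  x509:
    enabled: true
    var.paths: ["/nsm/zeek/logs/current/x509.log"]

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: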