mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-01 22:03:37 +01:00
143 lines
4.5 KiB
Plaintext
143 lines
4.5 KiB
Plaintext
# Module: cisco
|
|
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cisco.html
|
|
|
|
- module: cisco
|
|
asa:
|
|
enabled: true
|
|
|
|
# Set which input to use between syslog (default) or file.
|
|
#var.input: syslog
|
|
|
|
# The interface to listen to UDP based syslog traffic. Defaults to
|
|
# localhost. Set to 0.0.0.0 to bind to all available interfaces.
|
|
#var.syslog_host: localhost
|
|
|
|
# The UDP port to listen for syslog traffic. Defaults to 9001.
|
|
#var.syslog_port: 9001
|
|
|
|
# Set the log level from 1 (alerts only) to 7 (include all messages).
|
|
# Messages with a log level higher than the specified will be dropped.
|
|
# See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html
|
|
#var.log_level: 7
|
|
|
|
# Set internal security zones. used to override parsed network.direction
|
|
# based on zone egress and ingress
|
|
#var.internal_zones: [ "Internal" ]
|
|
|
|
# Set external security zones. used to override parsed network.direction
|
|
# based on zone egress and ingress
|
|
#var.external_zones: [ "External" ]
|
|
|
|
ftd:
|
|
enabled: true
|
|
|
|
# Set which input to use between syslog (default) or file.
|
|
#var.input: syslog
|
|
|
|
# The interface to listen to UDP based syslog traffic. Defaults to
|
|
# localhost. Set to 0.0.0.0 to bind to all available interfaces.
|
|
#var.syslog_host: localhost
|
|
|
|
# The UDP port to listen for syslog traffic. Defaults to 9003.
|
|
#var.syslog_port: 9003
|
|
|
|
# Set the log level from 1 (alerts only) to 7 (include all messages).
|
|
# Messages with a log level higher than the specified will be dropped.
|
|
# See https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs-sev-level.html
|
|
#var.log_level: 7
|
|
|
|
# Set internal security zones. used to override parsed network.direction
|
|
# based on zone egress and ingress
|
|
#var.internal_zones: [ "Internal" ]
|
|
|
|
# Set external security zones. used to override parsed network.direction
|
|
# based on zone egress and ingress
|
|
#var.external_zones: [ "External" ]
|
|
|
|
ios:
|
|
enabled: true
|
|
|
|
# Set which input to use between syslog (default) or file.
|
|
#var.input: syslog
|
|
|
|
# The interface to listen to UDP based syslog traffic. Defaults to
|
|
# localhost. Set to 0.0.0.0 to bind to all available interfaces.
|
|
#var.syslog_host: localhost
|
|
|
|
# The UDP port to listen for syslog traffic. Defaults to 9002.
|
|
#var.syslog_port: 9002
|
|
|
|
# Set custom paths for the log files when using file input. If left empty,
|
|
# Filebeat will choose the paths depending on your OS.
|
|
#var.paths:
|
|
|
|
nexus:
|
|
enabled: true
|
|
|
|
# Set which input to use between udp (default), tcp or file.
|
|
# var.input: udp
|
|
# var.syslog_host: localhost
|
|
# var.syslog_port: 9506
|
|
|
|
# Set paths for the log files when file input is used.
|
|
# var.paths:
|
|
|
|
# Toggle output of non-ECS fields (default true).
|
|
# var.rsa_fields: true
|
|
|
|
# Set custom timezone offset.
|
|
# "local" (default) for system timezone.
|
|
# "+02:00" for GMT+02:00
|
|
# var.tz_offset: local
|
|
|
|
meraki:
|
|
enabled: true
|
|
|
|
# Set which input to use between udp (default), tcp or file.
|
|
# var.input: udp
|
|
# var.syslog_host: localhost
|
|
# var.syslog_port: 9525
|
|
|
|
# Set paths for the log files when file input is used.
|
|
# var.paths:
|
|
|
|
# Toggle output of non-ECS fields (default true).
|
|
# var.rsa_fields: true
|
|
|
|
# Set custom timezone offset.
|
|
# "local" (default) for system timezone.
|
|
# "+02:00" for GMT+02:00
|
|
# var.tz_offset: local
|
|
|
|
umbrella:
|
|
enabled: true
|
|
|
|
#var.input: aws-s3
|
|
# AWS SQS queue url
|
|
#var.queue_url: https://sqs.us-east-1.amazonaws.com/ID/CiscoQueue
|
|
# Access ID to authenticate with the S3 input
|
|
#var.access_key_id: 123456
|
|
# Access key to authenticate with the S3 input
|
|
#var.secret_access_key: PASSWORD
|
|
# The duration that the received messages are hidden from ReceiveMessage request
|
|
#var.visibility_timeout: 300s
|
|
# Maximum duration before AWS API request will be interrupted
|
|
#var.api_timeout: 120s
|
|
|
|
amp:
|
|
enabled: true
|
|
|
|
# Set which input to use between httpjson (default) or file.
|
|
#var.input: httpjson
|
|
|
|
# The API URL
|
|
#var.url: https://api.amp.cisco.com/v1/events
|
|
# The client ID used as a username for the API requests.
|
|
#var.client_id:
|
|
# The API key related to the client ID.
|
|
#var.api_key:
|
|
# How far to look back the first time the module is started. Expects an amount of hours.
|
|
#var.first_interval: 24h
|
|
# Overriding the default request timeout, optional.
|
|
#var.request_timeout: 60s
|