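# Module: zeek
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.6/filebeat-module-zeek.html
#
# Filebeat module configuration that selects which Zeek log types (filesets)
# are shipped. Each enabled fileset reads one file from the Zeek "current"
# log directory. Filesets left at `enabled: false` are not collected at all.
#
# NOTE(review): the module parses Zeek logs as JSON; confirm that the sensor
# writes JSON rather than the default TSV, or events will fail to parse.
# NOTE(review): only the live files under logs/current are listed here, so
# rotated archives are not read. The Filebeat user needs read access to that
# directory and nothing more.

- module: zeek
  capture_loss:
    enabled: false
  connection:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/conn.log"]
  dce_rpc:
    enabled: false
  dhcp:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/dhcp.log"]
  dnp3:
    enabled: false
  dns:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/dns.log"]
  dpd:
    enabled: false
  files:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/files.log"]
  ftp:
    enabled: false
  http:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/http.log"]
  # NOTE(review): intel.log carries Intelligence Framework indicator matches.
  # If indicators are loaded on the sensor, leaving this off hides every hit.
  intel:
    enabled: false
  irc:
    enabled: false
  # NOTE(review): kerberos, ntlm, rdp, smb_* and ssh are the usual sources for
  # authentication and lateral-movement detections. They are all disabled
  # here; confirm that is a deliberate volume trade-off.
  kerberos:
    enabled: false
  modbus:
    enabled: false
  mysql:
    enabled: false
  # NOTE(review): notice.log is where Zeek reports its own detections.
  # With this fileset disabled, those alerts never reach the SIEM.
  notice:
    enabled: false
  ntlm:
    enabled: false
  ocsp:
    enabled: false
  pe:
    enabled: false
  radius:
    enabled: false
  rdp:
    enabled: false
  rfb:
    enabled: false
  signatures:
    enabled: false
  sip:
    enabled: false
  smb_cmd:
    enabled: false
  smb_files:
    enabled: false
  smb_mapping:
    enabled: false
  smtp:
    enabled: false
  snmp:
    enabled: false
  socks:
    enabled: false
  ssh:
    enabled: false
  ssl:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/ssl.log"]
  stats:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/stats.log"]
  syslog:
    enabled: false
  traceroute:
    enabled: false
  tunnel:
    enabled: false
  weird:
    enabled: true
    var.paths: ["/usr/local/zeek/logs/current/weird.log"]
  # NOTE(review): ssl is collected but x509 is not, so the certificate details
  # that ssl.log references by file ID will be missing downstream.
  x509:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    # var.paths: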