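#================================ Logging ======================================
# Settings for Filebeat's own diagnostic log (not the events it ships).
# There are four options for the log output: file, stderr, syslog, eventlog
# The file output is the default.
#
# NOTE(review): `critical` is above `error`, so errors and warnings from
# Filebeat are not written. That presumably includes failures to reach or
# complete TLS with the Logstash output, meaning a stalled alert pipeline would
# leave no trace in syslog. Consider `error` or `warning` unless shipping
# health is monitored some other way.
logging.level: critical

# If enabled, filebeat periodically logs its internal metrics that have changed
# in the last period. For each metric that changed, the delta from the value at
# the beginning of the period is logged. Also, the total values for
# all non-zero internal metrics are logged on shutdown. The default is true.
logging.metrics.enabled: false

# Logging to rotating files. Set logging.to_files to false to disable logging to
# files.
logging.to_files: false

# Rotation settings for file logging. `keepfiles` has to be nested under
# logging.files; at column 0 it would be read as an unrelated top-level key.
# Only relevant when logging.to_files is true.
logging.files:
  keepfiles: 7

# Send Filebeat's log output to the local syslog daemon.
logging.to_syslog: true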
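#=========================== Filebeat inputs =============================
# Each list item is one input; its options must be indented under the `- type`
# entry, otherwise they are not part of that input.
filebeat.inputs:
  # Read the Snort alert file in every directory matching snort_*.
  - type: log
    enabled: true
    paths:
      - /var/log/snort/snort_*/alert
    # Custom tag for downstream routing. Without `fields_under_root: true` the
    # value is nested under the event's `fields` key - confirm the Logstash
    # pipeline matches on that path.
    fields:
      event.type: snort

  # Disabled input for the pfBlockerNG DNSBL log; uncomment to ship it as well.
  # - type: log
  #   enabled: true
  #   paths:
  #     - /var/log/pfblockerng/dnsbl.log
  #
  #   fields:
  #     event.type: pfblocker

  #------------------------------ Syslog input --------------------------------
  # Experimental: Config options for the Syslog input
  # Accept RFC3164 formatted syslog event via UDP.
  # UDP syslog carries no sender authentication, so anything that can reach
  # this socket can submit events. The listener is bound to loopback; keep it
  # there unless the port is filtered to known senders.
  - type: syslog
    enabled: true
    protocol.udp:
      # The host and port to receive the new event
      host: "127.0.0.1:9000"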
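#----------------------------- Logstash output --------------------------------
# Every value written as "change" is a placeholder that must be replaced
# before Filebeat is started.
output.logstash:
  # The Logstash hosts
  hosts: ["change:5044"]

  # Optional SSL. By default is off.
  # List of root certificates used to verify the Logstash server's certificate
  # (typically paths to PEM files). Leave ssl.verification_mode at its default
  # so the server certificate and host name are both checked.
  ssl.certificate_authorities: ["change"]

  # Certificate for SSL client authentication
  ssl.certificate: "change"

  # Client Certificate Key
  # Keep the key file readable only by the account Filebeat runs as, and do not
  # commit it alongside this configuration.
  ssl.key: "change"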