Example of a Suricata datasource configuration (#16496)

* Example of a Suricata datasource configuration Suricate is using the logs input but creates multiples kind of event, so its a single input mixed output. Lets try to see if type on the stream could work or not. * Update x-pack/agent/docs/agent_configuration_example.yml Co-Authored-By: Andrew Kroh <[email protected]> Co-authored-by: Andrew Kroh <[email protected]>
elastic · Feb 25, 2020 · 3ef7ccb · 3ef7ccb
1 parent 77f5f68
commit 3ef7ccb
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/x-pack/agent/docs/agent_configuration_example.yml b/x-pack/agent/docs/agent_configuration_example.yml
@@ -451,6 +451,23 @@ datasources:
             dataset: docker.network
             period: 10s
 
+#################################################################################################
+### Suricata
+#
+ - id?: suricata-x1
+   title: Suricata's data
+   namespace?: "abc"
+   package:
+     name: suricata
+     version: x.x.x
+   inputs:
+     - type: log
+       streams:
+         -  id?: {id}
+            type: "typeX"
+            dataset: suricata.logs
+            path: /var/log/surcata/eve.json
+
 #################################################################################################
 ### suggestion 1
  - id?: myendpoint-x1