forked from Noebas/pfsense-filebeat
-
Notifications
You must be signed in to change notification settings - Fork 0
/
filebeat.yml
44 lines (34 loc) · 1.32 KB
/
filebeat.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#================================ Logging ======================================
# There are four options for the log output: file, stderr, syslog, eventlog
# The file output is the default.
logging.level: critical
# If enabled, filebeat periodically logs its internal metrics that have changed
# in the last period. For each metric that changed, the delta from the value at
# the beginning of the period is logged. Also, the total values for
# all non-zero internal metrics are logged on shutdown. The default is true.
logging.metrics.enabled: false
# Logging to rotating files. Set logging.to_files to false to disable logging to
# files.
logging.to_files: false
logging.files:
keepfiles: 7
logging.to_syslog: true
#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/suricata/suricata_*/*.json
fields:
event.type: eve
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["172.16.0.9:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
# ssl.certificate_authorities: ["change"]
# Certificate for SSL client authentication
# ssl.certificate: "change"
# Client Certificate Key
# ssl.key: "change"