39 lines
1.1 KiB
Django/Jinja
39 lines
1.1 KiB
Django/Jinja
# Wazuh - Filebeat configuration file
|
|
|
|
# Wazuh - Filebeat configuration file
|
|
filebeat.modules:
|
|
- module: wazuh
|
|
alerts:
|
|
enabled: true
|
|
archives:
|
|
enabled: false
|
|
|
|
setup.template.json.enabled: true
|
|
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
|
|
setup.template.json.name: 'wazuh'
|
|
setup.template.overwrite: true
|
|
setup.ilm.enabled: false
|
|
|
|
|
|
# Send events directly to Elasticsearch
|
|
output.elasticsearch:
|
|
hosts: {{ filebeat_output_elasticsearch_hosts | to_json }}
|
|
|
|
{% if filebeat_xpack_security %}
|
|
username: {{ elasticsearch_xpack_security_user }}
|
|
password: {{ elasticsearch_xpack_security_password }}
|
|
protocol: https
|
|
{% if generate_CA == true %}
|
|
ssl.certificate_authorities:
|
|
- {{node_certs_destination}}/ca.crt
|
|
{% elif generate_CA == false %}
|
|
ssl.certificate_authorities:
|
|
- {{node_certs_destination}}/{{ca_cert_name}}
|
|
{% endif %}
|
|
|
|
ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt"
|
|
ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key"
|
|
{% endif %}
|
|
|
|
# Optional. Send events to Logstash instead of Elasticsearch
|
|
#output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"] |