54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
---
|
|
filebeat_version: 7.5.1
|
|
|
|
filebeat_create_config: true
|
|
|
|
filebeat_prospectors:
|
|
- input_type: log
|
|
paths:
|
|
- "/var/ossec/logs/alerts/alerts.json"
|
|
document_type: json
|
|
json.message_key: log
|
|
json.keys_under_root: true
|
|
json.overwrite_keys: true
|
|
|
|
filebeat_node_name: node-1
|
|
|
|
filebeat_output_elasticsearch_enabled: false
|
|
filebeat_output_elasticsearch_hosts:
|
|
- "localhost:9200"
|
|
|
|
filebeat_enable_logging: true
|
|
filebeat_log_level: debug
|
|
filebeat_log_dir: /var/log/mybeat
|
|
filebeat_log_filename: mybeat.log
|
|
|
|
filebeat_ssl_dir: /etc/pki/filebeat
|
|
filebeat_ssl_certificate_file: ""
|
|
filebeat_ssl_key_file: ""
|
|
filebeat_ssl_insecure: "false"
|
|
|
|
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
|
|
filebeat_module_package_path: /tmp/
|
|
filebeat_module_destination: /usr/share/filebeat/module
|
|
filebeat_module_folder: /usr/share/filebeat/module/wazuh
|
|
|
|
# Xpack Security
|
|
filebeat_xpack_security: false
|
|
|
|
elasticsearch_xpack_security_user: elastic
|
|
elasticsearch_xpack_security_password: elastic_pass
|
|
|
|
node_certs_generator : false
|
|
node_certs_source: /usr/share/elasticsearch
|
|
node_certs_destination: /etc/filebeat/certs
|
|
|
|
|
|
# CA Generation
|
|
master_certs_path: /es_certs
|
|
generate_CA: true
|
|
ca_cert_name: ""
|
|
|
|
elasticrepo_gpg_keyserver: pool.sks-keyservers.net
|
|
elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt
|