Hi everyone ,
I am currently trying to configure filebeat to retrieve logs from my palo alto firewall, I have configured and enable the panw modules:
- module: panw
panos:
enabled: true
var.input: udp
var.syslog_host: 0.0.0.0
var.syslog_host: 9001
And my filebeat.yml configuration:
filebeat.inputs:
- type: log
id: my-filestream-id
enabled: true
paths:
- /var/log/*.log
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: true
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
host: "172.16.10.62:5601"
output.elasticsearch:
hosts: ["localhost:9200"]
protocol: "https"
username: "elastic"
password: "ozPpuZ0=ypPMUHJLkobf"
ssl:
enabled: true
ca_trusted_fingerprint: "051670d7e5518a12a0d63ab9c84ce6bc2313371b9a5e6d55b0e4276804eedab2"
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
And there is the error i got:
Apr 19 09:12:11 srv-elk filebeat[1363719]: {"log.level":"error","@timestamp":"2023-04-19T09:12:11.648Z","log.logger":"reload","log.origin":{"fi le.name":"cfgfile/list.go","file.line":109},"message":"Error creating runner from config: failed to create input: No paths were defined for input accessing config","service.name":"filebeat","ecs.version":"1.6.0"}
I'm just starting with filebeat but if I understand correctly I don't need to set anything in filebeats.yml if i use a module right?
If anyone has an idea ..