Can Zeek logs listen on a syslog port

tahseen_fatima · December 19, 2019, 9:29am

Hello,
I have a ELK setup of 7.4 in a cluster I have filebeat 7.4 version.
I am receiving zeek logs via syslog port 514, and here is the default module configuration of zeek module.

> - module: zeek
>   connection:
>     enabled: true
>   dns:
>     enabled: true
>   http:
>     enabled: true
>   files:
>     enabled: true
>   ssl:
>     enabled: true
>   notice:
>     enabled: true
> 
>     #var.paths:

But my zeek log coming on a port 514. when I am changing the configuration of zeek module to this and restarting my filebeat I am getting the following error.

> - module: zeek
>   log:
>     enabled: true
>     var:
>       syslog_host: 0.0.0.0
>       syslog_port: 514

Error: Exiting: Filebeat zeek/log is configured but doesn't existes.

Can someone please help me.
Can zeek module listen on port? Or its only read path.?

Kindly help,
Request for a quick reply.

Thanks,
Tahseen

system · January 16, 2020, 9:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.