Hi everyone,
I have a question about the CEF module in Filebeat. Can it only be used to listen to incoming syslog traffic or can the module also read from locally stored files?
I'm asking this because there is no definition for files paths like "var.paths:" mentioned in the reference guide.
https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cef.html
If I can't use the CEF module for this purpose, can I then just use the decode_cef processor by adding code to the filebeat.yml?
Like here: https://www.elastic.co/guide/en/beats/filebeat/7.x/processor-decode-cef.html
Any help is appreciated 