CEF module and decode_cef processor

anon56147639 · August 18, 2020, 1:41pm

Hi everyone,

I have a question about the CEF module in Filebeat. Can it only be used to listen to incoming syslog traffic or can the module also read from locally stored files?
I'm asking this because there is no definition for files paths like "var.paths:" mentioned in the reference guide.
https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cef.html

If I can't use the CEF module for this purpose, can I then just use the decode_cef processor by adding code to the filebeat.yml?
Like here: https://www.elastic.co/guide/en/beats/filebeat/7.x/processor-decode-cef.html

Any help is appreciated

system · September 15, 2020, 3:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat CEF Module Beats filebeat	9	2153	December 3, 2019
Filebeat 8.3.2 module and file stream issues Beats filebeat	2	345	August 18, 2022
When the processor-decode-cef would be available? Beats filebeat	2	291	October 17, 2019
Filebeat module cef syslog parse errors Beats beats-module , filebeat	13	2058	April 15, 2020
Filebeat CEF module can't parse event as syslog rfc3164 Beats filebeat	3	1733	April 30, 2020

CEF module and decode_cef processor

Related topics