Cisco.yml missing from filebeat

Attempting to set up a Cisco switch to send logs to Elastic, but Cisco.yml is missing from the /etc/filebeat/modules.d folder. I'm assuming I did something wrong in the setup, but I'm so new to ELK I don't know where to even look. Any suggestions? Thanks!

Hi @dave.mc, welcome to the Elastic community forums!

Could you tell us a bit more about how you installed Filebeat? Which Linux distribution are you running, exactly which command(s) did you use to install Filebeat, and what version of Filebeat have you installed?

Also, could you share the contents of your /etc/filebeat/modules.d folder please? That might provide some clues.

Thanks,

Shaunak

Hey Shaunak, running Debian 10 here. Filebeat 7.1.0 (I would assume, due to the file I installed from).

Installation - sudo curl -L -0 https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.1.0-amd64.deb,
then sudo dpkg -i filebeat-7.1.0-amd64.deb.

Modules.d folder
apache.yml.disabled
auditd.yml.disabled
elasticsearch.yml
haproxy.yml.disabled
icinga.yml.disabled
iis.yml.disabled
iptables.yml.disabled
kafka.yml.disabled
kibana.yml
logstash.yml
mongodb.yml.disabled
mysql.yml.disabled
nginx.yml
osquery.yml.disabled
postgresql.yml.disabled
redis.yml.disabled
santa.yml.disabled
suricata.yml.disabled
system.yml
traefik.yml.disabled
zeek.yml.disabled

Ah, this is because the cisco Filebeat module was not available in 7.1.0! It was only available starting 7.2.0.
