I am testing Filebeat 7.7 with the panw module, and am receiving THREAT type logs, but not TRAFFIC type logs. Elasticsearch version is also 7.7.
filebeat.yml config:
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
output.elasticsearch:
  hosts: ["host1", "host2"]
  loadbalance: true
  username: "user"
  password: "pass"
  protocol: https
  ssl.certificate_authorities: ["/path/ca.pem"]
  ssl.key: "/path/ssl.key"
  ssl.key_passphrase: 'passphrase'
  ssl.certificate: "/path/ssl.crt"
panw.yml config:
- module: panw
  panos:
    enabled: true
    var:
      input: "file"
      paths: ["/path/to/file.log"]
I'm using a pretty basic config here without customization; the log file contains both threat and traffic logs. Threat logs ingest without issue, traffic logs never show up.
Any ideas where to look for logs that may point to the problem? Filebeat and Elasticsearch logs don't show errors that I can find.
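A first check, before chasing Filebeat and Elasticsearch logs, is to confirm offline what the input file actually holds per log type and whether the TRAFFIC records are uniform. This is an added example, not part of the post above or of the panw module; it assumes the PAN-OS CSV layout (syslog header, then a CSV payload whose 4th field is the log Type) and uses a constructed, abbreviated sample.

```python
import csv
import re
from collections import Counter, defaultdict

# Start of the PAN-OS CSV payload: the FUTURE_USE field, then the receive time.
PAYLOAD_RE = re.compile(r"\d+,\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2},")
TYPE_INDEX = 3  # 4th CSV field is the log Type (TRAFFIC, THREAT, ...)

# Constructed sample (abbreviated field lists, made-up values): two TRAFFIC
# records with different field counts, one THREAT record with a quoted
# comma inside a field, and one line that is not a PAN-OS record at all.
SAMPLE_LOG = "\n".join([
    'May 20 12:00:01 fw01 1,2020/05/20 12:00:01,0011223344,TRAFFIC,end,2049,'
    '2020/05/20 12:00:01,10.0.0.5,93.184.216.34,0.0.0.0,0.0.0.0,allow-web,'
    'user1,,web-browsing,vsys1,trust,untrust',
    'May 20 12:00:02 fw01 1,2020/05/20 12:00:02,0011223344,THREAT,url,2049,'
    '2020/05/20 12:00:02,10.0.0.5,93.184.216.34,0.0.0.0,0.0.0.0,allow-web,'
    'user1,,web-browsing,vsys1,trust,untrust,"example.com/a,b",alert',
    'May 20 12:00:03 fw01 1,2020/05/20 12:00:03,0011223344,TRAFFIC,start,2049,'
    '2020/05/20 12:00:03,10.0.0.6,93.184.216.34',
    'May 20 12:00:04 fw01 syslog message that is not a PAN-OS CSV record',
])


def parse_line(line):
    """Return (log_type, field_count), or None if the line is not a PAN-OS record."""
    m = PAYLOAD_RE.search(line)
    if not m:
        return None
    # csv handles quoted fields, so an embedded comma does not shift the count.
    fields = next(csv.reader([line[m.start():]]))
    if len(fields) <= TYPE_INDEX:
        return None
    return fields[TYPE_INDEX], len(fields)


def summarize(text):
    """Count records per log Type and list the field counts each Type appears with."""
    by_type, field_counts, unparsed = Counter(), defaultdict(set), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1
            continue
        log_type, n = parsed
        by_type[log_type] += 1
        field_counts[log_type].add(n)
    return {"by_type": dict(by_type),
            "field_counts": {k: sorted(v) for k, v in field_counts.items()},
            "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A Type that appears with more than one field count, or with a count that does not match the PAN-OS version's documented layout, is the first thing to compare against the module's ingest pipeline; running Filebeat in the foreground with `-e -d "*"` then shows whether the TRAFFIC events are published at all.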