I want to send cisco firewall logs to my elastic statck so I was trying to setup the siem for Cisco. I already have filebeat installed, so the next step is to enable the cisco module. This is what doesn't work.
root@elastic:/etc/filebeat# filebeat modules enable cisco
Error in modules manager: modules management requires 'filebeat.config.modules.path' setting
I'm sure its something simple, but I can't verify. Is it just adding the path to filebeat.yml? If so, what is the correct syntax?
This should already be set if you start from the default filebeat.yml that comes with the Filebeat package, otherwise you probably want to add the line filebeat.config.modules.path: ${path.config}/modules.d/*.yml (which is the default setting, and tells it to look in the modules.d directory inside the Filebeat package)
4 Likes
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.