Filebeat PANW module

gunlomboy · October 25, 2022, 1:38am

Hi,

Can anyone point me in the right direction getting the panw module to work. We are running filebeat 8.4 but everything I try results in:

Exiting: module panw is configured but has no enabled filesets

panw module is configured as follows:

# Module: panw
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-panw.html

- module: panw
  panos:
    enabled: true

    # Set which input to use between syslog (default) or file.
    var.input: file

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/panw.log"]

Is there a step I'm missing?

Thanks.

Rios · October 25, 2022, 6:02pm

How do you receive data, by syslog or you read a log file?

Have you setup dashboards? Do you have the same fields as in the specification?

gunlomboy · October 27, 2022, 3:25am

Thanks @Rios

It was a combination of:

The ingest pipelines failing to install in elasticsearch
Permissions on the log files

Thanks for your help.

system · November 24, 2022, 5:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.