So, long story short: I have tried almost everything, but the map is not showing anything. The map is there, but it does not display any data. I am able to see all my logs in Discover, but the map is not doing anything. I need help, please and thank you. I have Elasticsearch, Kibana, Filebeat and Suricata on the same machine; I'm using Ubuntu.
This is my zeek.yml file:
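# Module: zeek
# Docs: Zeek (Bro) Module | Filebeat Reference [7.16] | Elastic
#
# Filebeat "zeek" module configuration (modules.d/zeek.yml). Every fileset
# below is pointed at its log under /opt/zeek/logs/current/ and switched on
# or off individually with `enabled`. Compare this list against
# `ls /opt/zeek/logs/current/` so each var.paths entry names a file that
# Zeek actually writes.
#
# NOTE(review): the map in Kibana only has something to draw when the indexed
# events carry geo fields (e.g. source.geo.location / destination.geo.location).
# Those fields are not produced by this file; presumably the module's ingest
# pipeline adds them via GeoIP, and private (RFC 1918) addresses get no GeoIP
# match — confirm in Discover that the geo fields exist before debugging the
# map itself.
- module: zeek
  capture_loss:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/capture_loss.log"]
  connection:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/conn.log"]
  dce_rpc:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/dce_rpc.log"]
  dhcp:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/dhcp.log"]
  dnp3:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/dnp3.log"]
  dns:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/dns.log"]
  dpd:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/dpd.log"]
  files:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/files.log"]
  ftp:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/ftp.log"]
  http:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/http.log"]
  intel:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/intel.log"]
  irc:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/irc.log"]
  kerberos:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/kerberos.log"]
  modbus:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/modbus.log"]
  mysql:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/mysql.log"]
  notice:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/notice.log"]
  ntlm:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/ntlm.log"]
  ntp:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/ntp.log"]
  ocsp:
    enabled: true
    # Fixed: this path previously read "oscp.log" (letters transposed), which
    # does not match the ocsp.log file the other filesets' naming implies, so
    # the ocsp fileset would never have found its log.
    var.paths: ["/opt/zeek/logs/current/ocsp.log"]
  pe:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/pe.log"]
  radius:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/radius.log"]
  rdp:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/rdp.log"]
  rfb:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/rfb.log"]
  signature:
    # Deliberately left disabled, as in the original file.
    enabled: false
    var.paths: ["/opt/zeek/logs/current/signature.log"]
  sip:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/sip.log"]
  smb_cmd:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/smb_cmd.log"]
  smb_files:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/smb_files.log"]
  smb_mapping:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/smb_mapping.log"]
  smtp:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/smtp.log"]
  snmp:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/snmp.log"]
  socks:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/socks.log"]
  ssh:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/ssh.log"]
  ssl:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/ssl.log"]
  stats:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/stats.log"]
  syslog:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/syslog.log"]
  traceroute:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/traceroute.log"]
  tunnel:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/tunnel.log"]
  weird:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/weird.log"]
  x509:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/x509.log"]

  # Set custom paths for the log files. If left empty,
  # Filebeat will choose the paths depending on your OS.
  #var.paths: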
and I'm following this lab