Module with custom input?


Is there a method to use module parsing with your own custom input declaration?

- module: checkpoint
- type: syslog
  host: ""
  certificate: foo
  key: bar

Hi @hazcod!

It seems that no. Inputs are meant to replace modules where modules are not enough to support a case.

Hi @ChrsMark, that's a bummer... I would want to use mutual TLS for syslog connections, but no modules support that. Can I utilise the module parsing on its own?

In my case I want to use the CheckPoint->ECS parser, but with mutual TLS input.

So checkpoint module supports syslog or file as inputs. Sample config:

The question is if you can specify TLS settings in order to collect securely? From the documentation it seems that it is not supported. I would suggest you open a Github issue for this requesting this enhancement (if it is already supported and we missed that then it should be documented). What do you think?

That's what I was afraid for.. I've opened up a PR for it last week:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.