Hi,
Is there a method to use module parsing with your own custom input declaration?
e.g.
- module: checkpoint
access:
input:
- type: syslog
protocol.tcp:
host: "0.0.0.0:8001"
tls:
certificate: foo
key: bar
Hi,
Is there a method to use module parsing with your own custom input declaration?
e.g.
- module: checkpoint
access:
input:
- type: syslog
protocol.tcp:
host: "0.0.0.0:8001"
tls:
certificate: foo
key: bar
Hi @hazcod!
It seems that no. Inputs are meant to replace modules
where modules are not enough to support a case.
Hi @ChrsMark, that's a bummer... I would want to use mutual TLS for syslog connections, but no modules support that. Can I utilise the module parsing on its own?
In my case I want to use the CheckPoint->ECS parser, but with mutual TLS input.
So checkpoint
module supports syslog or file as inputs. Sample config: https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/checkpoint/_meta/config.yml
The question is if you can specify TLS settings in order to collect securely? From the documentation it seems that it is not supported. I would suggest you open a Github issue for this requesting this enhancement (if it is already supported and we missed that then it should be documented). What do you think?
That's what I was afraid for.. I've opened up a PR for it last week: https://github.com/elastic/beats/pull/18116
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.