Module with custom input?

hazcod · May 5, 2020, 7:55am

Hi,

Is there a method to use module parsing with your own custom input declaration?
e.g.

- module: checkpoint
  access:
input:
- type: syslog
protocol.tcp:
  host: "0.0.0.0:8001"
tls:
  certificate: foo
  key: bar

ChrsMark · May 5, 2020, 11:30am

Hi @hazcod!

It seems that no. Inputs are meant to replace modules where modules are not enough to support a case.

hazcod · May 5, 2020, 11:31am

Hi @ChrsMark, that's a bummer... I would want to use mutual TLS for syslog connections, but no modules support that. Can I utilise the module parsing on its own?

In my case I want to use the CheckPoint->ECS parser, but with mutual TLS input.

ChrsMark · May 5, 2020, 11:41am

So checkpoint module supports syslog or file as inputs. Sample config: https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/checkpoint/_meta/config.yml

The question is if you can specify TLS settings in order to collect securely? From the documentation it seems that it is not supported. I would suggest you open a Github issue for this requesting this enhancement (if it is already supported and we missed that then it should be documented). What do you think?

hazcod · May 5, 2020, 11:43am

That's what I was afraid for.. I've opened up a PR for it last week: https://github.com/elastic/beats/pull/18116

system · June 2, 2020, 11:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Several inputs for modules Beats beats-module , filebeat	1	258	May 5, 2022
Unable to overwrite module input Beats filebeat	1	314	June 19, 2020
Custom module for file beat - parsing a custom log fomat Beats filebeat	5	11818	January 23, 2018
Filebeat CheckPoint Module Beats beats-module , filebeat	3	740	April 5, 2021
Doubt about System Module [Filebeat] Beats beats-module , filebeat	4	402	July 21, 2020

Module with custom input?

Related Topics