I have installed Zeek at a custom location. How can I configure the Zeek module in Filebeat to collect the logs from the proper log location?
Hi @MrTrav,
You can customize the paths used by Filebeat by setting the var.paths option on each fileset. If this is not working for you, could you paste the configuration you are using?
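What a per-fileset var.paths override looks like, as an added example that is not part of the original reply. It assumes the custom Zeek log directory /opt/nsm/zeek/logs/current that appears in the configuration posted in this thread and Zeek's default log file names; the fileset names are the ones used in that configuration.

```yaml
# Added example (not from the thread's participants): Zeek module settings for
# modules.d/zeek.yml, or for the filebeat.modules list in filebeat.yml.
# Assumption: Zeek writes its current logs to /opt/nsm/zeek/logs/current
# under its default file names. Adjust the directory to your install.
- module: zeek
  connection:
    enabled: true
    # var.paths is set per fileset, as a sibling of "enabled"
    var.paths:
      - /opt/nsm/zeek/logs/current/conn.log
  dns:
    enabled: true
    var.paths:
      - /opt/nsm/zeek/logs/current/dns.log
  http:
    enabled: true
    var.paths:
      - /opt/nsm/zeek/logs/current/http.log
  files:
    enabled: true
    var.paths:
      - /opt/nsm/zeek/logs/current/files.log
  ssl:
    enabled: true
    var.paths:
      - /opt/nsm/zeek/logs/current/ssl.log
  notice:
    enabled: true
    var.paths:
      - /opt/nsm/zeek/logs/current/notice.log
```

Each fileset reads only the paths listed under its own key, so a fileset without a var.paths entry keeps looking in the module's default location. `filebeat test config` checks that the file parses before Filebeat is restarted.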
Here is my configuration; I'm not seeing anything output to the console.
filebeat.inputs:
- type: log
  enabled: false
  paths:
    - /opt/nsm/zeek/logs/current/*
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
#output.elasticsearch:
  #hosts: ["localhost:9200"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
filebeat.modules:
- module: zeek
  # All logs
  connection:
    enabled: true
  dns:
    enabled: true
  http:
    enabled: true
  files:
    enabled: true
  ssl:
    enabled: true
  notice:
    enabled: true
    var.paths:
      - /opt/nsm/zeek/logs/current/conn.log
output.console:
  pretty: true