Zeek Module - Custom Zeek Install Location

MrTrav · July 18, 2019, 4:56pm

I have installed Zeek at a custom location, how can I configure the Zeek module in FileBeats to collect the logs from the proper log location?

jsoriano · July 18, 2019, 5:11pm

Hi @MrTrav,

You can customize the paths used by filebeat by setting the var.paths option on each fileset. If this is not working for you, could you paste the configuration you are using?

MrTrav · July 19, 2019, 4:27pm

Here is my configuration, not seeing anything output to console.

filebeat.inputs:

- type: log

  enabled: false

  paths:
    - /opt/nsm/zeek/logs/current/*

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1

#output.elasticsearch:
  #hosts: ["localhost:9200"]

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

filebeat.modules:
- module: zeek
  # All logs
  connection:
    enabled: true
  dns:
    enabled: true
  http:
    enabled: true
  files:
    enabled: true
  ssl:
    enabled: true
  notice:
    enabled: true

    var.paths:
      - /opt/nsm/zeek/logs/current/conn.log

output.console:
  pretty: true

system · August 16, 2019, 4:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Overriding Var.Path variable in Filebeat Module Beats filebeat	1	626	August 27, 2019
Using Filebeat with Zeek (issue with configuration) Beats filebeat	6	4953	September 26, 2019
Zeek monitoring using filebeats Beats filebeat	7	332	December 13, 2022
Add custom tag to zeek filebeat module Beats filebeat	1	300	November 18, 2021
Configure Zeek module with the sample dashboard Beats filebeat	3	1580	August 5, 2019

Zeek Module - Custom Zeek Install Location

Related topics