Zeek module - other logs

stcdarrell · June 26, 2019, 8:01pm

hi, i'm using filebeat with the zeek module to transfer logs to logstash then on to ES.

as of now it looks like the zeek module only handles about 5 of the zeek logs (the common ones: conn, dns, http, files, ssl, notice)

whats the best approach to getting the other logs into es?
i see the module folder under /var/lib/filebeat..
Do i just create my own modules for each of the other kinds of files (i need modbus, and weird.log)

or do i just specifically monitor those logs the standard filebeat way, and write some logstash parsers to parse them?

thanks

system · July 24, 2019, 8:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Zeek module Beats filebeat	1	532	November 22, 2019
Filebeat "zeek" module integration Beats beats-module , filebeat	2	500	January 30, 2020
I can't see Zeek's http.log in Kibana but everything else (DNS, SSL, etc.) is fine Beats filebeat	2	1555	March 2, 2020
Filebeat + zeekmodule to elastic + kibana Beats beats-module , filebeat	7	3890	December 5, 2019
Zeek Filebeat Module to Logstash JSON Logstash	2	703	October 22, 2019

Zeek module - other logs

Related topics