Hi,
I enabled the Zscaler module and edited its YAML file
module: zscaler
zia:
enabled: true# Set which input to use between udp (default), tcp or file.
var.input: tcp
var.syslog_host: 0.0.0.0
var.syslog_port: 15111
In the filebeat.yml file, I uncommented the followed configuration:
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
However, I can see in my Zscaler NSS server that packets are sent (SYN_SENT) but I cannot see anything there
What am I missing here?
Thank you 