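---
# Filebeat configuration: Suricata EVE ingestion plus Docker autodiscover,
# shipped to Elasticsearch with dashboards set up through Kibana.
# All credentials and hosts come from environment variables (${VAR}), which
# Filebeat expands at load time — nothing sensitive is stored in this file.

#================================ Modules ======================================
filebeat.modules:
  - module: suricata
    eve:
      enabled: true
      var.paths: ["/var/log/suricata/eve.json"]
#  - module: system
#    syslog:
#      enabled: true
#    auth:
#      enabled: true
#  - module: auditd
#    log:
#      # - Does not look like Auditd is supported in Alpine linux: https://github.com/linuxkit/linuxkit/issues/52
#      # - CentOS does not need us to install the audit system, it ships as standard. If you are using Ubuntu, though,
#      #   this is probably something you would want to install. (sudo apt-get install -y auditd audispd-plugins)
#      enabled: true

#================================ Inputs =======================================
# Disabled example container input. The path entry needs "- " (dash + space)
# to be a sequence item; without the space it would parse as a plain string.
#filebeat.inputs:
#  - type: container
#    enabled: true
#    paths:
#      - '/var/lib/docker/containers/*/*.log'
#    stream: all  # can be all, stdout or stderr

#========================== Filebeat autodiscover ==============================
# See this URL on how to run Apache2 Filebeat module:
# https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html
# The docker provider reads container metadata from the Docker socket; that
# socket grants wide control over the host, so mount it read-only and only
# where this Filebeat instance actually needs it.
filebeat.autodiscover:
  providers:
    - type: docker
      # https://www.elastic.co/guide/en/beats/filebeat/current/configuration-autodiscover-hints.html
      # This URL also contains instructions on multi-line logs
      hints.enabled: true

#================================ Processors ===================================
# Order matters: metadata processors run in the order listed on every event.
processors:
  #- add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_locale:
      format: offset
  - add_host_metadata:
      netinfo.enabled: true

#========================== Elasticsearch output ===============================
# No scheme in the host means Filebeat talks plain HTTP unless a protocol or
# ssl.* settings are added; with basic-auth credentials that is worth checking
# before this leaves a trusted network.
output.elasticsearch:
  hosts: ["${ELASTICSEARCH_HOST}:9200"]
  username: "${ELASTICSEARCH_USERNAME}"
  password: "${ELASTICSEARCH_PASSWORD}"

#============================== Dashboards =====================================
# Loads the module dashboards into Kibana on startup (requires setup.kibana).
setup.dashboards:
  enabled: true

#============================== Kibana =========================================
# Port 80 here implies plain HTTP for the dashboard setup call as well; the
# same Elasticsearch credentials are reused for it.
setup.kibana:
  host: "${KIBANA_HOST}:80"
  username: "${ELASTICSEARCH_USERNAME}"
  password: "${ELASTICSEARCH_PASSWORD}"

#============================== Xpack Monitoring ===============================
xpack.monitoring:
  enabled: true
  # NOTE(review): left empty here (null), which presumably means "reuse the
  # output.elasticsearch settings" — the original file appears cut off at this
  # point, so confirm nothing further was intended below.
  elasticsearch: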