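# Wazuh - Filebeat configuration file

# Elasticsearch nodes that receive the events shipped by this Filebeat.
# Entries carry no scheme; the protocol is set under output.elasticsearch.
output.elasticsearch.hosts:
  # Loopback address: the indexer is expected on the same host as Filebeat.
  - 127.0.0.1:9200
  # Further cluster nodes: uncomment and replace the placeholder.
  # - <elasticsearch_ip_node_2>:9200
  # - <elasticsearch_ip_node_3>:9200
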
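# Transport and authentication for the Elasticsearch output.
output.elasticsearch:
  # All traffic to the hosts listed above goes over TLS.
  protocol: https
  # ${...} references are resolved by Filebeat at startup (environment or the
  # Filebeat keystore), so no credential is stored in this file.
  # NOTE(review): confirm which of the two supplies these values in this
  # deployment and that the account is limited to what Filebeat needs.
  username: ${username}
  password: ${password}
  # Only certificates chaining to this CA are trusted for the server side.
  # ssl.verification_mode is not set here, so Filebeat's default applies.
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  # Client certificate and private key presented to Elasticsearch.
  # NOTE(review): the key file should be readable only by the account that
  # runs Filebeat; verify ownership and mode on disk.
  ssl.certificate: "/etc/filebeat/certs/wazuh-server.pem"
  ssl.key: "/etc/filebeat/certs/wazuh-server-key.pem"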
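# Index template: loaded from a JSON file on disk under the name 'wazuh'.
# NOTE(review): the template file defines the index mappings, so it should be
# writable only by root or the Filebeat service account.
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
# Index lifecycle management is switched off; with it disabled the overwrite
# flag presumably has no effect. Retention of the indexed alerts therefore has
# to be handled outside Filebeat.
setup.ilm.overwrite: true
setup.ilm.enabled: false
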
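# Filebeat modules to run. Only the wazuh module is configured.
filebeat.modules:
  - module: wazuh
    # Alerts fileset: shipped to Elasticsearch.
    alerts:
      enabled: true
    # Archives fileset: not shipped.
    # NOTE(review): presumably the archives hold every collected event rather
    # than only those that raised an alert; enabling this raises both index
    # volume and the amount of raw log data exposed to index readers.
    archives:
      enabled: false
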
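# Filebeat's own log output (not the shipped Wazuh events).
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  # Number of rotated log files kept on disk.
  keepfiles: 7
  # Octal file mode for the log files. 0644 lets every local user read them,
  # while Filebeat's documented default is 0600.
  # NOTE(review): tighten this if the logs may reveal hostnames, paths or
  # connection errors that unprivileged users should not see.
  permissions: 0644

# Periodic internal metrics are not written to the log.
logging.metrics.enabled: false
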
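# Custom seccomp (Linux syscall filter) policy for the Filebeat process.
# default_action: allow permits every syscall not matched by a rule, and the
# only rule is itself an allow rule, so this policy blocks nothing.
# NOTE(review): a custom policy replaces Filebeat's built-in one. This looks
# like a compatibility workaround so that the rseq syscall is not rejected.
# Confirm that, and on a Filebeat release whose built-in policy accepts rseq,
# drop this section so the restrictive default applies again.
seccomp:
  default_action: allow
  syscalls:
    - action: allow
      names:
        - rseq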