{"log.level":"info","@timestamp":"2023-08-31T15:36:18.604Z","log.origin":{"file.name":"instance/beat.go","file.line":779},"message":"Home path: [/usr/share/metricbeat] Config path: [/etc/metricbeat] Data path: [/var/lib/metricbeat] Logs path: [/var/log/metricbeat]","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-31T15:36:18.605Z","log.origin":{"file.name":"instance/beat.go","file.line":787},"message":"Beat ID: db63bce8-398f-4389-915a-8e77b7eca9bf","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-31T15:36:18.610Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":125},"message":"Syscall filter successfully installed","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-31T15:36:18.610Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1299},"message":"Beat info","service.name":"metricbeat","system_info":{"beat":{"path":{"con
{"log.level":"info","@timestamp":"2023-08-30T16:56:12.780Z","log.origin":{"file.name":"instance/beat.go","file.line":779},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-08-30T16:56:12.780Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":870},"message":"Beat metadata path: /var/lib/filebeat/meta.json","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-30T16:56:12.780Z","log.origin":{"file.name":"instance/beat.go","file.line":787},"message":"Beat ID: 998ebe76-3f5e-48e2-9944-e1ba6df5656f","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-08-30T16:56:12.785Z","log.logger":"conditions","log.origin":{"file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.version
{"log.level":"info","@timestamp":"2023-08-30T16:41:52.425Z","log.origin":{"file.name":"instance/beat.go","file.line":779},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-08-30T16:41:52.425Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":870},"message":"Beat metadata path: /var/lib/filebeat/meta.json","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-30T16:41:52.425Z","log.origin":{"file.name":"instance/beat.go","file.line":787},"message":"Beat ID: 998ebe76-3f5e-48e2-9944-e1ba6df5656f","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2023-08-30T16:41:52.432Z","log.logger":"conditions","log.origin":{"file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.version
~$ sudo filebeat -e
{"log.level":"info","@timestamp":"2023-08-30T15:43:09.907Z","log.origin":{"file.name":"instance/beat.go","file.line":779},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-30T15:43:09.907Z","log.origin":{"file.name":"instance/beat.go","file.line":787},"message":"Beat ID: 998ebe76-3f5e-48e2-9944-e1ba6df5656f","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-30T15:43:09.912Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":125},"message":"Syscall filter successfully installed","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-30T15:43:09.912Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1299},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{
Aug 30 12:36:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:36:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":175747072}}}},"cpu":{"system":{"ticks":727160,"time":{"ms":640}},"total":{"ticks":10709890,"time":{"ms":9620},"value":10709890},"user":{"ticks":9982730,"time":{"ms":8980}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":55920113},"version":"8.9.1"},"memstats":{"gc_next":125759528,"memory_alloc":93990456,"memory_total":635123006592,"rss":227827712},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1209,"added":21952,"done":21992},"harvester":{"open_files":19,"running":19,"started":2}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22599,"active":0,"batches":457
{"log.level":"info","@timestamp":"2023-08-17T19:47:41.688Z","log.origin":{"file.name":"instance/beat.go","file.line":779},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-17T19:47:41.688Z","log.origin":{"file.name":"instance/beat.go","file.line":787},"message":"Beat ID: 998ebe76-3f5e-48e2-9944-e1ba6df5656f","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-17T19:47:41.697Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":125},"message":"Syscall filter successfully installed","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-08-17T19:47:41.697Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1299},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"config":"/etc/fileb
# Module: zeek
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zeek.html
- module: zeek
  capture_loss:
    enabled: true
    var.paths: ["/mnt/Bro/current/capture_loss.log"]
  connection:
    enabled: true
    var.paths: ["/mnt/Bro/current/conn.log"]
###################### Filebeat Configuration Example #########################
# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html
# For more available modules and options, please see the filebeat.reference.yml sample
Exiting: Failed to start crawler: creating module reloader failed: loading configs: 1 error: invalid config: yaml: line 5: mapping values are not allowed in this context |