Beats: Add additional log types to the Filebeat Zeek Module
Describe the enhancement:
Today, the Filebeat Zeek module supports the following log types:
- connection
- dns
- files
- https
- notice
- ssl
However, it would be useful to also collect:
- [x] dhcp
- [x] ftp
- [x] irc
- [x] kerberos
- [x] modbus
- [x] mysql
- [x] ntlm
- [x] radius
- [x] rdp
- [x] rfb
- [x] sip
- [x] smb_cmd
- [x] smtp
- [x] snmp
- [x] smb_mapping
- [x] smb_files
- [x] socks
- [x] ssh
- [x] syslog
- [x] intel
- [x] notice_alert
- [ ] signatures
- [ ] known_certs
- [ ] stdout
- [ ] stderr
n0othing
All 7 comments
With the exception of intel and notice_alert all have been added with https://github.com/elastic/beats/pull/14150.
馃帀 馃帀 馃帀
cwurm
on 30 Oct 2019
It would be great to add:
known_certsstdoutstderr
An exhaustive list of log files is available at https://docs.zeek.org/en/stable/script-reference/log-files.html
lucabelluccini
on 30 Oct 2019
intel.log was added in #14404 (targeted for v7.6.0).
andrewkroh
on 22 Nov 2019
Pinging @elastic/siem (Team:SIEM)
elasticmachine
on 22 Nov 2019
ntp and packet_filter logs?
BobBlank12
on 26 Mar 2020
I have now opened https://github.com/elastic/beats/issues/18868 because there are much more kinds of logs missing.
111andre111
on 30 May 2020
I'm going to close this issue. Most of those have been implemented and we have a fresh list of all the remaining logs in https://github.com/elastic/beats/issues/18868.
andrewkroh
on 1 Jun 2020
Related issues
ptrlv
路
3Comments
tsg
路
4Comments
feelan03
路
3Comments
ycombinator
路
3Comments
JalehD
路
3Comments