-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathnetflow.yml
27 lines (26 loc) · 913 Bytes
/
netflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# Module: netflow
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-netflow.html
- module: netflow
log:
enabled: true
var:
netflow_host: 0.0.0.0
netflow_port: 2055
# internal_networks specifies which networks are considered internal or private
# you can specify either a CIDR block or any of the special named ranges listed
# at: https://www.elastic.co/guide/en/beats/filebeat/current/defining-processors.html#condition-network
internal_networks:
- private
input:
processors:
- script:
lang: javascript
file: /etc/filebeat/netflow-mod-ip.js
- dns:
type: reverse
fields:
source.ip: source.domain
destination.ip: destination.domain
- script:
lang: javascript
file: /etc/filebeat/netflow-mod-domain.js