sysutils/beats8: initial Filebeat support #4591
@0xThiebaut thanks, some small remarks from my end, but the rest looks good.
</modules> | ||
<inputs> | ||
<enabled type="OptionField"> | ||
<Default>audit</Default> |
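Review bot: the `enabled` OptionField under `<inputs>` sets `<Default>audit</Default>` but shows no `<Required>` element in the lines visible here, so the selection can be emptied; if the `modules` selection is empty as well, filebeat has nothing to collect. Marking this one field required would be too strict, because a configuration with only modules selected is valid, so the "at least one of modules or inputs" rule is better enforced as a cross-field check in the model's validation.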
missing required?
@AdSchellevis The constraint is technically that at least one of `modules` or `inputs` should be selected (otherwise filebeat is a no-op). Is there such a constraint?
Can't seem to immediately find something in Adding constraints.
@0xThiebaut in these cases I usually prefer to extend the validation using `performValidation()`, for example dnsmasq has this.
call the parent:
make sure to return at the end:
and in the middle you can validate any rocket science you might need ;)
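The three steps from the comment above (call the parent, validate, return), as an added example that is not code from this PR or from OPNsense. `StubBaseModel` and `StubMessages` are hypothetical stand-ins for the framework's base model and message container so the pattern runs on its own, and the `modules.enabled` field name is an assumption (`inputs.enabled` follows the quoted XML).

```php
<?php
// Added example: stand-ins so the pattern runs outside OPNsense. In a plugin the
// model would extend the framework's base model and use its message classes.
class StubMessages
{
    public array $items = [];
    public function appendMessage(string $text, string $field): void
    {
        $this->items[] = [$field, $text];
    }
}

class StubBaseModel
{
    protected array $values = [];
    public function __construct(array $values)
    {
        $this->values = $values;
    }
    // Stand-in for the framework's per-field validation (no field rules here).
    public function performValidation($validateFullModel = false)
    {
        return new StubMessages();
    }
}

class Filebeat extends StubBaseModel
{
    public function performValidation($validateFullModel = false)
    {
        // 1. Call the parent so the per-field checks still run.
        $messages = parent::performValidation($validateFullModel);
        // 2. Cross-field rule: at least one module or input must be selected,
        //    otherwise filebeat is a no-op. 'modules.enabled' is an assumed name.
        $modules = trim($this->values['modules.enabled'] ?? '');
        $inputs = trim($this->values['inputs.enabled'] ?? '');
        if ($modules === '' && $inputs === '') {
            $messages->appendMessage('Select at least one module or input.', 'inputs.enabled');
        }
        // 3. Return the collected messages to the caller.
        return $messages;
    }
}

// Constructed sample settings: one empty configuration, one with a module only.
foreach ([['modules.enabled' => '', 'inputs.enabled' => ''],
          ['modules.enabled' => 'suricata', 'inputs.enabled' => '']] as $cfg) {
    $result = (new Filebeat($cfg))->performValidation();
    echo json_encode($cfg), ' => ', count($result->items), " validation message(s)\n";
}
```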
The sysutils/beats8 plugin and initial Filebeat support enable OPNsense to send logs to Elasticsearch for further monitoring.
The plugin has the ability to collect the following OPNsense syslogs:
It also supports the Suricata module which, with opnsense/core#8442, allows OPNsense to perform decent network monitoring.
