Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional log types to the Filebeat Zeek Module #12724

Closed
21 of 25 tasks
n0othing opened this issue Jun 28, 2019 · 9 comments
Closed
21 of 25 tasks

Add additional log types to the Filebeat Zeek Module #12724

n0othing opened this issue Jun 28, 2019 · 9 comments
Labels
enhancement Filebeat Filebeat module

Comments

@n0othing
Copy link
Member

n0othing commented Jun 28, 2019
edited by andrewkroh
Loading

Describe the enhancement:

Today, the Filebeat Zeek module supports the following log types:

  • connection
  • dns
  • files
  • https
  • notice
  • ssl

However, it would be useful to also collect:

  • dhcp
  • ftp
  • irc
  • kerberos
  • modbus
  • mysql
  • ntlm
  • radius
  • rdp
  • rfb
  • sip
  • smb_cmd
  • smtp
  • snmp
  • smb_mapping
  • smb_files
  • socks
  • ssh
  • syslog
  • intel
  • notice_alert
  • signatures
  • known_certs
  • stdout
  • stderr
@n0othing n0othing mentioned this issue Jun 28, 2019
Closed
@0huey 0huey mentioned this issue Jul 7, 2019
Closed
39 tasks
@0huey 0huey mentioned this issue Sep 13, 2019
Closed
@cwurm
Copy link
Contributor

cwurm commented Oct 30, 2019

With the exception of intel and notice_alert all have been added with #14150.

🎉 🎉 🎉

@lucabelluccini
Copy link
Contributor

It would be great to add:

  • known_certs
  • stdout
  • stderr

An exhaustive list of log files is available at https://docs.zeek.org/en/stable/script-reference/log-files.html

@andrewkroh
Copy link
Member

intel.log was added in #14404 (targeted for v7.6.0).

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@BobBlank12
Copy link

ntp and packet_filter logs?

@111andre111 111andre111 mentioned this issue May 6, 2022
Closed
28 tasks
@111andre111
Copy link
Contributor

I have now opened elastic/integrations#3288 because there are much more kinds of logs missing.

@andrewkroh
Copy link
Member

I'm going to close this issue. Most of those have been implemented and we have a fresh list of all the remaining logs in elastic/integrations#3288.

@jamiehynds
Copy link

NTP fileset added via #24224

@n0othing
Copy link
Member Author

Closing in favor of elastic/integrations#3288

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Filebeat Filebeat module
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@lucabelluccini @cwurm @andrewkroh @n0othing @elasticmachine @BobBlank12 @111andre111 @jamiehynds