Add 21 autogenerated filesets from rsa2elk devices

filebeat/docs/modules/barracuda.asciidoc

@@ -0,0 +1,79 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-barracuda]]
+[role="xpack"]
+
+:modulename: barracuda
+:has-dashboards: false
+
+== Barracuda module
+
+experimental[]
+
+This is a module for receiving Barracuda Web Application Firewall logs over Syslog or a file.
+
+include::../include/gs-link.asciidoc[]
+
+include::../include/configuring-intro.asciidoc[]
+
+:fileset_ex: waf
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `waf` fileset settings
+
+experimental[]
+
+NOTE: This was converted from RSA NetWitness log parser XML "barracudawaf" device revision 132.
+
+*`var.input`*::
+
+The input from which messages are read. One of `file`, `tcp` or `udp`.
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic.
+Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9503`
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+*`var.tz_offset`*::
+
+By default, datetimes in the logs will be interpreted as relative to
+the timezone configured in the host where {beatname_uc} is running. If ingesting
+logs from a host on a different timezone, use this field to set the timezone
+offset so that datetimes are correctly parsed. Valid values are in the form
+±HH:mm, for example, `-07:00` for `UTC-7`.
+
+*`var.rsa_fields`*::
+
+Flag to control the addition of non-ECS fields to the event. Defaults to true,
+which causes both ECS and custom fields under `rsa` to be are added.
+
+*`var.keep_raw_fields`*::
+
+Flag to control the addition of the raw parser fields to the event. This fields
+will be found under `rsa.raw`. The default is false.
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-barracuda,exported fields>> section.
+

filebeat/docs/modules/bluecoat.asciidoc

@@ -0,0 +1,79 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-bluecoat]]
+[role="xpack"]
+
+:modulename: bluecoat
+:has-dashboards: false
+
+== Bluecoat module
+
+experimental[]
+
+This is a module for receiving Blue Coat Director logs over Syslog or a file.
+
+include::../include/gs-link.asciidoc[]
+
+include::../include/configuring-intro.asciidoc[]
+
+:fileset_ex: director
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `director` fileset settings
+
+experimental[]
+
+NOTE: This was converted from RSA NetWitness log parser XML "bluecoatdirector" device revision 0.
+
+*`var.input`*::
+
+The input from which messages are read. One of `file`, `tcp` or `udp`.
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic.
+Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9505`
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+*`var.tz_offset`*::
+
+By default, datetimes in the logs will be interpreted as relative to
+the timezone configured in the host where {beatname_uc} is running. If ingesting
+logs from a host on a different timezone, use this field to set the timezone
+offset so that datetimes are correctly parsed. Valid values are in the form
+±HH:mm, for example, `-07:00` for `UTC-7`.
+
+*`var.rsa_fields`*::
+
+Flag to control the addition of non-ECS fields to the event. Defaults to true,
+which causes both ECS and custom fields under `rsa` to be are added.
+
+*`var.keep_raw_fields`*::
+
+Flag to control the addition of the raw parser fields to the event. This fields
+will be found under `rsa.raw`. The default is false.
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-bluecoat,exported fields>> section.
+

filebeat/docs/modules/cisco.asciidoc

@@ -16,6 +16,7 @@ filesets for receiving logs over syslog or read from a file:
 - `asa` fileset: supports Cisco ASA firewall logs.
 - `ftd` fileset: supports Cisco Firepower Threat Defense logs.
 - `ios` fileset: supports Cisco IOS router and switch logs.
+- `nexus` fileset: supports Cisco Nexus switch logs.
 
 Cisco ASA devices also support exporting flow records using NetFlow, which is
 supported by the {filebeat-ref}/filebeat-module-netflow.html[netflow module] in
@@ -299,6 +300,51 @@ include::../include/timezone-support.asciidoc[]
 
 :fileset_ex!:
 
+[float]
+==== `nexus` fileset settings
+
+experimental[]
+
+NOTE: This was converted from RSA NetWitness log parser XML "cisconxos" device revision 134.
+
+*`var.input`*::
+
+The input from which messages are read. One of `file`, `tcp` or `udp`.
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic.
+Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9506`
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+*`var.tz_offset`*::
+
+By default, datetimes in the logs will be interpreted as relative to
+the timezone configured in the host where {beatname_uc} is running. If ingesting
+logs from a host on a different timezone, use this field to set the timezone
+offset so that datetimes are correctly parsed. Valid values are in the form
+±HH:mm, for example, `-07:00` for `UTC-7`.
+
+*`var.rsa_fields`*::
+
+Flag to control the addition of non-ECS fields to the event. Defaults to true,
+which causes both ECS and custom fields under `rsa` to be are added.
+
+*`var.keep_raw_fields`*::
+
+Flag to control the addition of the raw parser fields to the event. This fields
+will be found under `rsa.raw`. The default is false.
+
+:has-dashboards!:
+
+:fileset_ex!:
+
 [float]
 [[dynamic-script-compilations]]
 === Dynamic Script Compilations

filebeat/docs/modules/citrix.asciidoc

@@ -0,0 +1,79 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-citrix]]
+[role="xpack"]
+
+:modulename: citrix
+:has-dashboards: false
+
+== Citrix module
+
+experimental[]
+
+This is a module for receiving Citrix XenApp logs over Syslog or a file.
+
+include::../include/gs-link.asciidoc[]
+
+include::../include/configuring-intro.asciidoc[]
+
+:fileset_ex: virtualapps
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `virtualapps` fileset settings
+
+experimental[]
+
+NOTE: This was converted from RSA NetWitness log parser XML "citrixxa" device revision 79.
+
+*`var.input`*::
+
+The input from which messages are read. One of `file`, `tcp` or `udp`.
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic.
+Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9507`
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+*`var.tz_offset`*::
+
+By default, datetimes in the logs will be interpreted as relative to
+the timezone configured in the host where {beatname_uc} is running. If ingesting
+logs from a host on a different timezone, use this field to set the timezone
+offset so that datetimes are correctly parsed. Valid values are in the form
+±HH:mm, for example, `-07:00` for `UTC-7`.
+
+*`var.rsa_fields`*::
+
+Flag to control the addition of non-ECS fields to the event. Defaults to true,
+which causes both ECS and custom fields under `rsa` to be are added.
+
+*`var.keep_raw_fields`*::
+
+Flag to control the addition of the raw parser fields to the event. This fields
+will be found under `rsa.raw`. The default is false.
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-citrix,exported fields>> section.
+

filebeat/docs/modules/cylance.asciidoc

@@ -0,0 +1,79 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-cylance]]
+[role="xpack"]
+
+:modulename: cylance
+:has-dashboards: false
+
+== Cylance module
+
+experimental[]
+
+This is a module for receiving CylanceProtect logs over Syslog or a file.
+
+include::../include/gs-link.asciidoc[]
+
+include::../include/configuring-intro.asciidoc[]
+
+:fileset_ex: protect
+
+include::../include/config-option-intro.asciidoc[]
+
+[float]
+==== `protect` fileset settings
+
+experimental[]
+
+NOTE: This was converted from RSA NetWitness log parser XML "cylance" device revision 127.
+
+*`var.input`*::
+
+The input from which messages are read. One of `file`, `tcp` or `udp`.
+
+*`var.syslog_host`*::
+
+The address to listen to UDP or TCP based syslog traffic.
+Defaults to `localhost`.
+Set to `0.0.0.0` to bind to all available interfaces.
+
+*`var.syslog_port`*::
+
+The port to listen for syslog traffic. Defaults to `9508`
+
+NOTE: Ports below 1024 require Filebeat to run as root.
+
+*`var.tz_offset`*::
+
+By default, datetimes in the logs will be interpreted as relative to
+the timezone configured in the host where {beatname_uc} is running. If ingesting
+logs from a host on a different timezone, use this field to set the timezone
+offset so that datetimes are correctly parsed. Valid values are in the form
+±HH:mm, for example, `-07:00` for `UTC-7`.
+
+*`var.rsa_fields`*::
+
+Flag to control the addition of non-ECS fields to the event. Defaults to true,
+which causes both ECS and custom fields under `rsa` to be are added.
+
+*`var.keep_raw_fields`*::
+
+Flag to control the addition of the raw parser fields to the event. This fields
+will be found under `rsa.raw`. The default is false.
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-cylance,exported fields>> section.
+