Filebeat
Description
Filebeat is an agent developed by Elastic to generate application logs. It can send them to a log collector or a SIEM.
Configuration
Warning
Target OS: Ubuntu
Filebeat is currently configured with the defaults from the documentation. It works with the following software:
- Apache
- Auditd
- MySQL
- Squid
- Suricata
- Tomcat
No API token or ID is required. Filebeat sends the logs to the Logstash instance that is enabled by default in the topology.
How to enable
You only need to click on the Add button to deploy Filebeat.
Usage
You need to activate a SIEM in order to check Logstash logs.