forked from cisagov/Malcolm
filebeat.env.example
# filebeat parameters used for monitoring log files containing network traffic metadata
# (see https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html)
# NOTE(review): the names below appear to correspond to the filebeat log input options
# scan_frequency, clean_inactive, ignore_older, close_inactive, close_renamed,
# close_removed, close_eof and clean_removed; confirm against the filebeat
# configuration that consumes this file.
# How often filebeat checks the watched paths for new files
FILEBEAT_SCAN_FREQUENCY=10s
# The filebeat log input documentation requires clean_inactive to be greater than
# ignore_older + scan_frequency (180m > 120m + 10s here). Keep that relation when
# tuning these values; otherwise registry state can be removed while a file is still
# being harvested and its contents may be resent.
FILEBEAT_CLEAN_INACTIVE=180m
FILEBEAT_IGNORE_OLDER=120m
FILEBEAT_CLOSE_INACTIVE=120s
# NOTE(review): filebeat has no option named close_inactive_live; presumably an
# alternative close_inactive value applied to live-captured traffic logs. Confirm
# where this variable is consumed.
FILEBEAT_CLOSE_INACTIVE_LIVE=90m
FILEBEAT_CLOSE_RENAMED=true
FILEBEAT_CLOSE_REMOVED=true
FILEBEAT_CLOSE_EOF=true
FILEBEAT_CLEAN_REMOVED=true
# Whether or not to use polling vs. native inotify API to watch for files
FILEBEAT_WATCHER_POLLING=false
# When polling, seconds of inactivity to assume a file is closed and ready for processing
FILEBEAT_WATCHER_POLLING_ASSUME_CLOSED_SEC=10
# Whether or not to expose a filebeat TCP input listener (see
# https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html)
# NOTE(review): setting this to true opens a network-facing input that accepts events
# from remote senders. Before enabling it, confirm which interface and port the
# listener is published on, that only trusted log forwarders can reach it, and whether
# the deployment enforces TLS / client authentication on it (none of this is visible
# in this file).
FILEBEAT_TCP_LISTEN=false
# Log format expected for events sent to the filebeat TCP input listener ('json' or 'raw')
FILEBEAT_TCP_LOG_FORMAT=json
# Source field name to parse (when FILEBEAT_TCP_LOG_FORMAT is 'json') for events sent to the
# filebeat TCP input listener
FILEBEAT_TCP_PARSE_SOURCE_FIELD=message
# Target field name to store decoded JSON fields (when FILEBEAT_TCP_LOG_FORMAT is 'json') for
# events sent to the filebeat TCP input listener
# NOTE(review): the decoded field names and values are chosen by the sender; presumably
# nesting them under a dedicated target field keeps them from colliding with fields set
# elsewhere in the pipeline. Verify before changing it.
FILEBEAT_TCP_PARSE_TARGET_FIELD=miscbeat
# Name of field to drop (if it exists) in events sent to the filebeat TCP input listener
# (same value as FILEBEAT_TCP_PARSE_SOURCE_FIELD here, so the raw source field is dropped)
FILEBEAT_TCP_PARSE_DROP_FIELD=message
# Tag to append to events sent to the filebeat TCP input listener
# NOTE(review): presumably lets downstream processing and analysts tell listener-sourced
# events apart from file-sourced ones; confirm what matches on this tag before renaming it.
FILEBEAT_TCP_TAG=_malcolm_beats