File: //usr/share/filebeat/module/cisco/asa/manifest.yml
module_version: "1.0"
var:
- name: paths
default:
- /var/log/cisco-asa.log
- name: tags
default: [cisco-asa, forwarded]
- name: syslog_host
default: localhost
- name: syslog_port
default: 9001
- name: input
default: udp
- name: ssl
- name: log_level
default: 7
# if ES < 6.1.0, this flag switches to false automatically when evaluating the
# pipeline
min_elasticsearch_version:
version: 6.1.0
value: false
# These flags are used internally by the shared pipeline
- name: internal_prefix
default: asa
- name: internal_PREFIX
default: ASA
- name: external_zones
- name: internal_zones
- name: timezone_offset
ingest_pipeline: ../shared/ingest/asa-ftd-pipeline.yml
input: config/input.yml
requires.processors:
- name: geoip
plugin: ingest-geoip