Update filebeat.yml

Jose M · Jose M · commit eb34bc3d0dbd · 2019-08-29T16:32:06.000+02:00
diff --git a/wazuh/config/filebeat.yml b/wazuh/config/filebeat.yml
@@ -1,53 +1,16 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-filebeat.inputs:
-  - type: log
-    paths:
-      - '/var/ossec/logs/alerts/alerts.json'
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
 
 setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
 setup.template.overwrite: true
+setup.ilm.enabled: false
 
-processors:
-  - decode_json_fields:
-      fields: ['message']
-      process_array: true
-      max_depth: 200
-      target: ''
-      overwrite_keys: true
-  - drop_fields:
-      fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
-  - rename:
-      fields:
-        - from: "data.aws.sourceIPAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.srcip"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.win.eventdata.ipAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-output.elasticsearch:
-  hosts: ['http://elasticsearch:9200']
-  #pipeline: geoip
-  indices:
-    - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
+output.elasticsearch.hosts: ['http://elasticsearch:9200']
