zeek.yml

# Module: zeek
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.3/filebeat-module-zeek.html

- module: zeek
  # All logs
  connection:
    enabled: true
    var.paths: [ "/usr/local/bro/logs/current/conn.*.log", "/root/zeek/logs/conn.*.log" ]
  dns:
    enabled: true
    var.paths: [ "/usr/local/bro/logs/current/dns.*.log", "/root/zeek/logs/dns.*.log" ]
  http:
    enabled: true
    var.paths: [ "/usr/local/bro/logs/current/http.*.log", "/root/zeek/logs/http.*.log" ]
  files:
    enabled: true
    var.paths: [ "/usr/local/bro/logs/current/files.*.log", "/root/zeek/logs/files.*.log" ]
  ssl:
    enabled: true
    var.paths: [ "/usr/local/bro/logs/current/ssl.*.log", "/root/zeek/logs/ssl.*.log" ]
  notice:
    enabled: true
    var.paths: [ "/usr/local/bro/logs/current/notice.*.log", "/root/zeek/logs/notice.*.log" ]