2019-11-07 09:44:14 +01:00


////
This file is generated! See scripts/docs_collector.py
////
[[filebeat-module-iptables]]
[role="xpack"]
:modulename: iptables
:has-dashboards: true
== Iptables module
This is a module for iptables and ip6tables logs. It parses logs received
over the network via syslog or from a file. It also understands the prefix added
by some Ubiquiti firewalls, which includes the rule set name, rule number and
the action performed on the traffic (allow/deny).

When you run the module, it performs a few tasks under the hood:

* Sets the default input to `syslog` and binds to `localhost` port `9001`
(but don't worry, you can override the defaults).
* Uses ingest node to parse and process the log lines, shaping the data into
a structure suitable for visualizing in Kibana.
* Deploys dashboards for visualizing the log data.

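
The parsing step described above, shown as an added example in Python; this is not code from the Filebeat module or its ingest pipeline. It peels off the Ubiquiti prefix, assumed here to have the layout `[<rule_set>-<rule_number>-<action>]`, then reads the kernel `key=value` pairs and bare flags such as `DF` and `SYN`. The regexes, the `DROP`/`D` denied-packet convention and the three sample log lines are constructed for this example and are not the module's grok patterns:

```python
"""Toy parser for iptables/ip6tables LOG lines, with the Ubiquiti prefix.

Added example, not code from the Filebeat module or its ingest pipeline.
Regexes, conventions and sample lines are assumptions constructed here.
"""
import re
from typing import Dict, List, Optional

# Assumed prefix layout, e.g. "[WAN_LOCAL-default-D]": rule set, rule number
# (or "default") and a one-letter action, optionally followed by a space.
UBIQUITI_PREFIX = re.compile(
    r"\[(?P<rule_set>[^\]-]*)-(?P<rule_number>[^\]-]*)-(?P<action>[^\]-]*)\] ?"
)

# Classic BSD syslog header for kernel messages (assumed format).
SYSLOG_HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) kernel: (?P<rest>.*)$"
)

# Optional "[12345.678]" uptime stamp that printk adds on many distributions.
KERNEL_STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")

# Constructed sample lines (not from the page): a plain iptables line with a
# --log-prefix, a Ubiquiti deny and a Ubiquiti accept.
SAMPLE_LINES = [
    "Nov  7 09:44:14 fw kernel: [12345.678] DROP_IN: IN=eth0 OUT= "
    "MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51515 DPT=22 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Nov  7 09:44:15 edge kernel: [WAN_LOCAL-default-D]IN=eth0 OUT= "
    "MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=198.51.100.5 DST=192.0.2.1 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44444 DPT=8080 "
    "WINDOW=1024 RES=0x00 SYN URGP=0",
    "Nov  7 09:44:16 edge kernel: [WAN_IN-20-A]IN=eth0 OUT=eth1 "
    "MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=198.51.100.9 DST=192.0.2.50 "
    "LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123",
]


def parse_iptables_line(line: str) -> Optional[Dict]:
    """Return a structured event, or None when the line is not a kernel log line."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        return None
    rest = KERNEL_STAMP.sub("", m.group("rest"))
    event = {
        "timestamp": m.group("timestamp"),
        "hostname": m.group("hostname"),
        "ubiquiti": None,
        "log_prefix": "",
        "fields": {},
        "flags": [],
    }
    u = UBIQUITI_PREFIX.match(rest)
    if u:
        event["ubiquiti"] = u.groupdict()
        rest = rest[u.end():]
    # Anything left before the first "IN=" is the free-text --log-prefix.
    idx = rest.find("IN=")
    if idx == -1:
        return None
    event["log_prefix"] = rest[:idx].strip()
    for tok in rest[idx:].split():
        if "=" in tok:
            key, value = tok.split("=", 1)  # "OUT=" yields an empty value
            event["fields"][key] = value
        else:
            event["flags"].append(tok)      # DF, SYN, ACK, ... appear bare
    return event


def parse_all(lines: List[str]) -> List[Dict]:
    """Parse every line, silently skipping lines that are not iptables events."""
    return [e for e in (parse_iptables_line(ln) for ln in lines) if e]


def denied_by_port(events: List[Dict]) -> Dict[str, int]:
    """Count denied packets per destination port.

    Toy convention (an assumption of this example): a Ubiquiti action letter
    "D" or a --log-prefix containing "DROP" marks the packet as denied.
    """
    counts: Dict[str, int] = {}
    for e in events:
        ubq = e["ubiquiti"]
        denied = (ubq is not None and ubq["action"] == "D") or "DROP" in e["log_prefix"].upper()
        if denied and "DPT" in e["fields"]:
            counts[e["fields"]["DPT"]] = counts.get(e["fields"]["DPT"], 0) + 1
    return counts


if __name__ == "__main__":
    for ev in parse_all(SAMPLE_LINES):
        print(ev["hostname"], ev["ubiquiti"], ev["fields"]["SRC"], "->",
              ev["fields"].get("DPT"), ev["flags"])
    print(denied_by_port(parse_all(SAMPLE_LINES)))
```

Running it prints the three parsed events and `{'22': 1, '8080': 1}`: the `WAN_IN-20-A` line is an accept and is therefore not counted, and the empty `OUT=` on inbound drops survives as an empty string rather than being lost, which matters when you later filter on interface.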
include::../include/running-modules.asciidoc[]
[float]
=== Example dashboard
This module comes with sample dashboards showing geolocation and network
protocols used. One for all iptables logs:
[role="screenshot"]
image::./images/kibana-iptables.png[]
and one specific for Ubiquiti Firewall logs:
[role="screenshot"]
image::./images/kibana-iptables-ubiquiti.png[]
include::../include/configuring-intro.asciidoc[]
The module is by default configured to run via syslog on port 9001. However,
it can also be configured to read from a file path. See the following example.

["source","yaml",subs="attributes"]
-----
- module: iptables
  log:
    enabled: true
    var.paths: ["/var/log/iptables.log"]
    var.input: "file"
-----

:fileset_ex: log
include::../include/config-option-intro.asciidoc[]
[float]
==== `log` log fileset settings
include::../include/var-paths.asciidoc[]
*`var.syslog_host`*::
The interface to listen to UDP based syslog traffic. Defaults to `localhost`.
Set to `0.0.0.0` to bind to all available interfaces.
*`var.syslog_port`*::
The UDP port to listen for syslog traffic. Defaults to `9001`.

NOTE: Ports below 1024 require Filebeat to run as root.

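
As an added configuration example (not taken from the module's documentation), the same module block as the file example above, kept on the syslog input with both listener settings written out. The nesting follows the file example; `var.input: "syslog"` is assumed from the module's stated default input, and the values are constructed:

```yaml
- module: iptables
  log:
    enabled: true
    # Assumed from the default input named above; the file example uses "file".
    var.input: "syslog"
    # Default is "localhost". "0.0.0.0" makes the UDP listener reachable on
    # every interface, so only widen it when remote firewalls must send here.
    var.syslog_host: "0.0.0.0"
    # Unprivileged port; anything below 1024 requires Filebeat to run as root.
    var.syslog_port: 9001
```

The default `localhost` binding is the safer setting: a listener on `0.0.0.0` accepts unauthenticated UDP from any host that can reach the port, so the usual practice is to leave it local and only widen it when remote firewalls have to ship logs directly to Filebeat.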
include::../include/timezone-support.asciidoc[]
:has-dashboards!:
:fileset_ex!:
:modulename!:
[float]
=== Fields
For a description of each field in the module, see the
<<exported-fields-iptables,exported fields>> section.