forked from cisagov/Malcolm
-
Notifications
You must be signed in to change notification settings - Fork 69
Expand file tree
/
Copy pathfilebeat.env.example
More file actions
58 lines (58 loc) · 3.13 KB
/
filebeat.env.example
File metadata and controls
58 lines (58 loc) · 3.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# filebeat parameters used for monitoring log files containing network traffic metadata
# (see https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html)
FILEBEAT_SCAN_FREQUENCY=10s
FILEBEAT_CLEAN_INACTIVE=180m
FILEBEAT_IGNORE_OLDER=120m
FILEBEAT_CLOSE_INACTIVE=120s
FILEBEAT_CLOSE_INACTIVE_LIVE=90m
FILEBEAT_CLOSE_RENAMED=true
FILEBEAT_CLOSE_REMOVED=true
FILEBEAT_CLOSE_EOF=true
FILEBEAT_CLEAN_REMOVED=true
# The age (in minutes) at which already-processed log files containing network traffic metadata should
# be pruned from the filesystem
LOG_CLEANUP_MINUTES=360
# The age (in minutes) at which the compressed archives containing already-processed log files should
# be pruned from the filesystem
ZIP_CLEANUP_MINUTES=720
# Verbosity flag for log/zip file cleanup process (e.g., -v, -vv, -vvv, etc.)
FILEBEAT_CLEANUP_VERBOSITY=
# Whether or not to use polling vs. native inotify API to watch for files.
# Also used for to set filebeat filestream's .file_identity and .prospector.scanner.fingerprint, see:
# - https://www.elastic.co/blog/introducing-filestream-fingerprint-mode
# - https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-filestream#filebeat-input-filestream-file-identity
# - https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-filestream#filebeat-input-filestream-scan-fingerprint
FILEBEAT_WATCHER_POLLING=false
# When polling, seconds of inactivity to assume a file is closed and ready for processing
FILEBEAT_WATCHER_POLLING_ASSUME_CLOSED_SEC=10
# file offset for .prospector.scanner.fingerprint
FILEBEAT_SCANNER_FINGERPRINT_OFFSET=0
# fingerprint length for .prospector.scanner.fingerprint
FILEBEAT_SCANNER_FINGERPRINT_LENGTH=512
# Whether or not to expose a filebeat TCP input listener (see
# https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html)
FILEBEAT_TCP_LISTEN=false
# Log format expected for events sent to the filebeat TCP input listener ('json' or 'raw')
FILEBEAT_TCP_LOG_FORMAT=json
# Source field name to parse (when FILEBEAT_TCP_LOG_FORMAT is 'json') for events sent to the
# filebeat TCP input listener
FILEBEAT_TCP_PARSE_SOURCE_FIELD=message
# Target field name to store decoded JSON fields (when FILEBEAT_TCP_LOG_FORMAT is 'json') for
# events sent to the filebeat TCP input listener
FILEBEAT_TCP_PARSE_TARGET_FIELD=miscbeat
# Name of field to drop (if it exists) in events sent to the filebeat TCP input listener
FILEBEAT_TCP_PARSE_DROP_FIELD=message
# Tag to append to events sent to the filebeat TCP input listener
FILEBEAT_TCP_TAG=_malcolm_beats
# Whether or not to expose a filebeat UDP syslog listener (see
# https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html)
FILEBEAT_SYSLOG_UDP_LISTEN=false
# UDP port on which to listen for standard syslog messages
FILEBEAT_SYSLOG_UDP_PORT=0
# Whether or not to expose a filebeat TCP syslog listener (see
# https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html)
FILEBEAT_SYSLOG_TCP_LISTEN=false
# TCP port on which to listen for standard syslog messages
FILEBEAT_SYSLOG_TCP_PORT=0
# Number of processes dedicated to preparing files for ingestion into filebeat
FILEBEAT_PREPARE_PROCESS_COUNT=1