log_collection_docker/data/syslog-filebeat/config/filebeat.yml

# for more modules visit https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules-overview.html

filebeat.inputs:
- type: udp
  max_message_size: 10KiB
  host: "0.0.0.0:514"
  tags: ["udp-514"]
- type: tcp
  max_message_size: 10MiB
  host: "0.0.0.0:514"
  tags: ["tcp-514"]

filebeat.modules:
#- module: cisco
#  asa:
#    var.syslog_host: 0.0.0.0
#    var.syslog_port: 9001
#    var.log_level: 5
#
#- module: cisco
#  ios:
#    var.syslog_host: 0.0.0.0
#    var.syslog_port: 9002
#    var.log_level: 5
#
#- module: cef
#  log:
#    var.syslog_host: 0.0.0.0
#    var.syslog_port: 9003
#
#- module: checkpoint
#  firewall:
#    var.syslog_host: 0.0.0.0
#    var.syslog_port: 9004
#
- module: netflow
  log:
    enabled: true
    var:
      netflow_host: 0.0.0.0
      netflow_port: 2055
      tags: ["netflow"]

#- module: snort
#  snort:
#    var.syslog_host: 0.0.0.0
#    var.syslog_port: 9532

output.logstash:
  enabled: true
  hosts: ["${LOGSTASH_HOST}"]