I am trying to integrate the Filebeat osquery module. My osquery is running successfully, and logs are being created at the path /var/log/osquery/osqueryd.results.log.
I am passing this path in the Filebeat osquery module.
osquery.yml
- module: osquery
  result:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/osquery/osqueryd.results.log"]
    # If true, all fields created by this module are prefixed with
    # `osquery.result`. Set to false to copy the fields in the root
    # of the document. The default is true.
    var.use_namespace: true
Can anyone please confirm what the problem is? The same happens with Filebeat's system module.