Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Module: azure
- # Docs: https://www.elastic.co/guide/en/beats/filebeat/7.10/filebeat-module-azure.html
- - module: azure
- # All logs
- activitylogs:
- enabled: false
- var:
- # eventhub name containing the activity logs, overwrite he default value if the logs are exported in a different eventhub
- eventhub: "EVENT_HUB_NAME"
- # consumer group name that has access to the event hub, we advise creating a dedicated consumer group for the azure module
- consumer_group: "$Default"
- # the connection string required to communicate with Event Hubs, steps to generate one here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string
- connection_string: ""
- # the name of the storage account the state/offsets will be stored and updated
- storage_account: ""
- # the storage account key, this key will be used to authorize access to data in your storage account
- storage_account_key: ""
- auditlogs:
- enabled: true
- var:
- eventhub: "audit_logs"
- consumer_group: "$Default"
- connection_string: "Endpoint=sb://eventhubteleconsecurity.servicebus.windows.net/;SharedAccessKeyName=FilebeatKey;SharedAccessKey=--ACCESS_KEY_GENERATED_IN_AZURE--=;EntityPath=insights-logs-auditlogs"
- storage_account: "--STORAGE_NAME--"
- storage_account_key: "--STORAGE_KEY_GENERATED_IN_AZURE--"
- signinlogs:
- enabled: true
- var:
- eventhub: "signin_logs"
- consumer_group: "$Default"
- connection_string: "Endpoint=sb://eventhubteleconsecurity.servicebus.windows.net/;SharedAccessKeyName=FilebeatKey;SharedAccessKey=--ACCESS_KEY_GENERATED_IN_AZURE--=;EntityPath=insights-logs-signinlogs"
- storage_account: "--STORAGE_NAME--"
- storage_account_key: "--STORAGE_KEY_GENERATED_IN_AZURE--"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement