Closed Crypt0Fox closed 3 years ago
You can use the following multiline configuration:

```yaml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - C:/ProgramData/edrsvc/log/output_events/*.log
  multiline.type: pattern
  multiline.pattern: '^{$'
  multiline.negate: true
  multiline.match: after
processors:
- decode_json_fields:
    fields: ["message"]
    target: "json"
```
I believe it is because of this https://github.com/ComodoSecurity/openedr/issues/14 and this https://github.com/ComodoSecurity/openedr/issues/9
The issue seems to have been fixed; however, there has not been any new release with a new agent, so it cannot be confirmed yet.
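To make the `multiline.*` and `decode_json_fields` settings above concrete, here is a small Python model of what Filebeat does with them. This is an added example, not code from the thread, from Filebeat or from OpenEDR: it reimplements the pattern/negate/match grouping rules and the JSON-decoding processor, and runs them over two constructed sample logs (the event field names, and the file name under the configured `output_events` directory, are made up for illustration). It also shows the caveat the `'^{$'` pattern carries: it assumes pretty-printed JSON with `{` alone on a line, and collapses a file of compact one-object-per-line JSON into a single undecodable message.

```python
import json
import re

# Directory taken from the filebeat.yml above; the file name and all event
# contents below are constructed samples, not real OpenEDR output.
LOG_PATH = "C:/ProgramData/edrsvc/log/output_events/output.log"

# Two pretty-printed events, the layout the '^{$' pattern expects.
PRETTY_LOG = """{
  "event": "process_start",
  "pid": 4242,
  "image": "cmd.exe"
}
{
  "event": "file_write",
  "pid": 4242,
  "path": "drop.bin"
}"""

# The same two events written as one compact JSON object per line.
COMPACT_LOG = (
    '{"event": "process_start", "pid": 4242, "image": "cmd.exe"}\n'
    '{"event": "file_write", "pid": 4242, "path": "drop.bin"}'
)


def multiline_join(lines, pattern, negate, match):
    """Group physical lines into messages the way multiline.type: pattern does.

    A line is a continuation when (pattern matches) XOR negate is true.
    match: after  -> continuation lines are appended to the previous message
    match: before -> continuation lines are prepended to the next message
    A lone '{' is taken literally by Python's re, as it is by Filebeat's RE2.
    """
    rx = re.compile(pattern)
    messages, buf = [], []
    for line in lines:
        continuation = bool(rx.search(line)) != negate
        if match == "after":
            if buf and not continuation:      # a new message starts here
                messages.append("\n".join(buf))
                buf = []
            buf.append(line)
        elif match == "before":
            buf.append(line)
            if not continuation:              # this line ends the message
                messages.append("\n".join(buf))
                buf = []
        else:
            raise ValueError("match must be 'after' or 'before'")
    if buf:
        messages.append("\n".join(buf))
    return messages


def decode_json_fields(event, fields=("message",), target="json"):
    """Model of the decode_json_fields processor: parse each listed field as
    JSON and store the object under `target`. A field that is not valid JSON
    is left untouched, so the event carries only its metadata and raw text."""
    out = dict(event)
    for field in fields:
        try:
            out[target] = json.loads(event[field])
        except (KeyError, ValueError):
            pass
    return out


def ship(log_text, multiline=True, pattern=r"^{$"):
    """Events the input above would emit for `log_text`.
    multiline=False models a plain `type: log` input with no multiline
    settings, i.e. one event per physical line."""
    lines = log_text.splitlines()
    messages = multiline_join(lines, pattern, True, "after") if multiline else lines
    events = [{"log.file.path": LOG_PATH, "message": m} for m in messages]
    return [decode_json_fields(e) for e in events]


if __name__ == "__main__":
    cases = [("pretty, multiline", PRETTY_LOG, True),
             ("pretty, no multiline", PRETTY_LOG, False),
             ("compact, multiline", COMPACT_LOG, True),
             ("compact, no multiline", COMPACT_LOG, False)]
    for label, text, use_ml in cases:
        evs = ship(text, use_ml)
        decoded = sum("json" in e for e in evs)
        print(f"{label}: {len(evs)} events, {decoded} with decoded json")
```

Running it shows the four combinations: pretty-printed JSON with the multiline settings yields one decoded event per object; the same file without multiline yields ten fragments ("{", one field per event, "}") none of which decodes; compact JSON with `'^{$'` collapses into one message that also fails to decode, because no line ever matches the pattern; compact JSON needs no multiline settings at all. So before copying the config, check with a text editor whether the agent writes `{` on its own line.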
Thanks a lot!
Output is still scrambled a lot, but at least I am receiving the contents of the log instead of just the metadata.
Hi,
Can someone share their filebeat.yml configuration file? I can't seem to configure it right to show the logs that OpenEDR collects... it only sends the metadata, etc.
My filebeat.yml configuration:
filebeat.inputs:
Maybe something to do with multiline.pattern?
Thanks ahead!