Closed ipninichuck closed 4 years ago
Glad to help, though I'm not sure I entirely understand the question. Filebeat has a variety of modules because it handles a wide variety of file types, whereas o365beat just has the one data source (the Management Activities API from Microsoft). We're exploring adding sibling projects to o365beat to handle the G Suite Reports API and/or other SaaS audit log sources, but those are planned as separate projects for now (not modules under o365beat). I go back and forth on whether it would be a good idea to be more general (maybe "apibeat" or "saasbeat"), but the Unix philosophy (https://en.wikipedia.org/wiki/Unix_philosophy#Do_One_Thing_and_Do_It_Well) is how we're handling it so far.
It's pretty typical for an organization to be running many different types of beats: winlogbeat for workstation logs, filebeat for server logs, etc. --- typically that's all integrated and enriched using something like logstash or piped directly into elasticsearch or another aggregator like graylog. They all work well alongside each other, even when running on the same system.
Does this answer your question?
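The "many beats feeding one aggregator" setup described in the reply above, as an added example that is not part of the original thread and not o365beat's own configuration: a Logstash pipeline that accepts winlogbeat, filebeat and o365beat on the same Beats input over TLS, tags the SaaS audit events, and writes each beat to its own daily index. Hostnames, certificate paths and the port are placeholders; the `[@metadata][beat]` and `[@metadata][version]` fields are set by libbeat for every Beats-based shipper, and the example assumes o365beat (built on libbeat) populates them the same way.

```logstash
input {
  beats {
    # One listener for every beat type; each event carries its beat name in @metadata.
    port => 5044
    # TLS is assumed; certificate and key paths are placeholders.
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"
    ssl_key => "/etc/logstash/certs/logstash.key"
  }
}

filter {
  # Mark cloud audit events so detections can be scoped to them.
  if [@metadata][beat] == "o365beat" {
    mutate { add_tag => ["saas-audit"] }
  }
  # Keep the shipping host separate from the subject of the event.
  if [@metadata][beat] == "winlogbeat" {
    mutate { add_tag => ["endpoint"] }
  }
}

output {
  elasticsearch {
    # Placeholder cluster address; use TLS and a least-privilege write user.
    hosts => ["https://es.example.internal:9200"]
    # Index per beat and version, e.g. o365beat-1.4.1-2019.12.07
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```

Routing on `[@metadata][beat]` rather than on file paths or host names is what lets the shippers coexist on one host: o365beat, filebeat and winlogbeat running side by side still land in separate indices, and per-beat index templates and retention can be applied without touching the pipeline again.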
Yeah, that makes sense. Thank you for explaining and sharing some of your thoughts on how the beats are being handled development-wise.
Thanks again for your help
On Sat, Dec 7, 2019 at 5:00 PM Chris Hendricks wrote: [quoted reply above]
My pleasure, thanks for the question! Don't hesitate to ask if something else comes up.
Hello,
Once again I have a question about what beat utilities are available. In my use case I am using beats to pull cloud logs. I am curious whether it is possible to install filebeat modules on o365beat and use them as additional inputs, or whether the architecture of the beat is different enough that this is not possible. Once again I apologize if this question seems straightforward; I am still learning about the inner workings of beats.