{
  "name": "iptables",
  "title": "Iptables",
  "version": "1.23.1",
  "release": "ga",
  "description": "Collect logs from Iptables with Elastic Agent.",
  "type": "integration",
  "download": "/epr/iptables/iptables-1.23.1.zip",
  "path": "/package/iptables/1.23.1",
  "icons": [
    {
      "src": "/img/linux.svg",
      "path": "/package/iptables/1.23.1/img/linux.svg",
      "title": "linux",
      "size": "299x354",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "network",
    "security"
  ],
  "signature_path": "/epr/iptables/iptables-1.23.1.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/iptables/1.23.1/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/kibana-iptables.png",
      "path": "/package/iptables/1.23.1/img/kibana-iptables.png",
      "title": "kibana iptables",
      "size": "1492x1382",
      "type": "image/png"
    },
    {
      "src": "/img/kibana-iptables-ubiquiti.png",
      "path": "/package/iptables/1.23.1/img/kibana-iptables-ubiquiti.png",
      "title": "kibana iptables ubiquiti",
      "size": "1492x1464",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/iptables/1.23.1/LICENSE.txt",
    "/package/iptables/1.23.1/changelog.yml",
    "/package/iptables/1.23.1/manifest.yml",
    "/package/iptables/1.23.1/validation.yml",
    "/package/iptables/1.23.1/docs/README.md",
    "/package/iptables/1.23.1/img/kibana-iptables-ubiquiti.png",
    "/package/iptables/1.23.1/img/kibana-iptables.png",
    "/package/iptables/1.23.1/img/linux.svg",
    "/package/iptables/1.23.1/kibana/tags.yml",
    "/package/iptables/1.23.1/data_stream/log/manifest.yml",
    "/package/iptables/1.23.1/data_stream/log/sample_event.json",
    "/package/iptables/1.23.1/docs/knowledge_base/service_info.md",
    "/package/iptables/1.23.1/kibana/dashboard/iptables-ceefb9e0-1f51-11e9-93ed-f7e068f4aebb.json",
    "/package/iptables/1.23.1/kibana/dashboard/iptables-d39f0980-1ff3-11e9-ae2a-939083c6a64e.json",
    "/package/iptables/1.23.1/kibana/search/iptables-7862cab0-1fdb-11e9-ae2a-939083c6a64e.json",
    "/package/iptables/1.23.1/kibana/search/iptables-9f7d97c0-1fe9-11e9-ae2a-939083c6a64e.json",
    "/package/iptables/1.23.1/kibana/search/iptables-b3f1b010-1f26-11e9-8ec4-cf5d91a864b3.json",
    "/package/iptables/1.23.1/kibana/search/iptables-c4e80aa0-1fd4-11e9-ae2a-939083c6a64e.json",
    "/package/iptables/1.23.1/data_stream/log/fields/agent.yml",
    "/package/iptables/1.23.1/data_stream/log/fields/base-fields.yml",
    "/package/iptables/1.23.1/data_stream/log/fields/ecs.yml",
    "/package/iptables/1.23.1/data_stream/log/fields/fields.yml",
    "/package/iptables/1.23.1/data_stream/log/fields/journald-input.yml",
    "/package/iptables/1.23.1/data_stream/log/agent/stream/journald.yml.hbs",
    "/package/iptables/1.23.1/data_stream/log/agent/stream/log.yml.hbs",
    "/package/iptables/1.23.1/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/iptables/1.23.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "iptables",
      "title": "Iptables logs",
      "description": "Collect logs from iptables instances",
      "inputs": [
        {
          "type": "udp",
          "title": "Collect iptables application logs (input: udp)",
          "description": "Collecting application logs from iptables instances (input: udp)"
        },
        {
          "type": "logfile",
          "title": "Collect iptables application logs (input: logfile)",
          "description": "Collecting application logs from iptables instances (input: logfile)"
        },
        {
          "type": "journald",
          "title": "Collect iptables application logs (input: journald)",
          "description": "Collecting application logs from iptables instances (input: journald)"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "iptables.log",
      "title": "Iptables log logs",
      "release": "beta",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Syslog Host",
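              "description": "The interface to listen on for UDP-based syslog traffic. Set to `0.0.0.0` to bind to all available interfaces. UDP syslog is unauthenticated, so when binding beyond `localhost`, restrict which hosts can reach the port (for example with firewall rules).",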
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Syslog Port",
              "description": "The UDP port to listen on for syslog traffic. Ports below 1024 require Filebeat to run as root.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "iptables-log",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Iptables syslog logs",
          "description": "Collect iptables logs using udp input",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "/var/log/iptables.log"
              ]
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "iptables-log",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. Changes made to event data can break processing that happens in Ingest Node. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "log.yml.hbs",
          "title": "Iptables log logs",
          "description": "Collect iptables logs using log input",
          "enabled": false,
          "ingestion_method": "File"
        },
        {
          "input": "journald",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Journal paths",
              "description": "List of journals to read from. Defaults to the system journal.\n",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "iptables-log"
              ]
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "journald.yml.hbs",
          "title": "Iptables logs from journald",
          "description": "Collect iptables logs logged by the kernel to journald.",
          "enabled": true,
          "ingestion_method": "journald"
        }
      ],
      "package": "iptables",
      "path": "log"
    }
  ]
}
