Skip to content

Commit

Permalink
update cisco umbrella docs (#23125) (#23136)
Browse files Browse the repository at this point in the history 
* update cisco umbrella docs

- remove info about Cisco managed s3 buckets

Closes #23107

(cherry picked from commit 697252d)
  • Loading branch information
@leehinman
leehinman authored Dec 15, 2020
1 parent bbd9da7 commit 4228b76
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 4 deletions.
3 changes: 1 addition & 2 deletions filebeat/docs/modules/cisco.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -388,7 +388,7 @@ will be found under `rsa.raw`. The default is false.

The Cisco Umbrella fileset primarily focuses on reading CSV files from an S3 bucket using the filebeat S3 input.

To configure Cisco Umbrella to log to either your own S3 bucket or one that is managed by Cisco please follow the https://docs.umbrella.com/deployment-umbrella/docs/log-management[Cisco Umbrella User Guide.]
To configure Cisco Umbrella to log to a self-managed S3 bucket please follow the https://docs.umbrella.com/deployment-umbrella/docs/log-management[Cisco Umbrella User Guide], and the link:filebeat-input-s3.html[S3 input documentation] to setup the necessary Amazon SQS queue. Retrieving logs from a Cisco-managed S3 bucket is not currently supported.

This fileset supports all 4 log types:
- Proxy
Expand All @@ -401,7 +401,6 @@ The Cisco Umbrella fileset depends on the original file path structure being fol
<subfolder>/<YYYY>-<MM>-<DD>/<YYYY>-<MM>-<DD>-<hh>-<mm>-<xxxx>.csv.gz
dnslogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz

When configuring the fileset, please ensure that the Queue URL is set to the root folder that includes each of these subfolders above.

Example config:

Expand Down
3 changes: 1 addition & 2 deletions x-pack/filebeat/module/cisco/_meta/docs.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,7 +383,7 @@ will be found under `rsa.raw`. The default is false.

The Cisco Umbrella fileset primarily focuses on reading CSV files from an S3 bucket using the filebeat S3 input.

To configure Cisco Umbrella to log to either your own S3 bucket or one that is managed by Cisco please follow the https://docs.umbrella.com/deployment-umbrella/docs/log-management[Cisco Umbrella User Guide.]
To configure Cisco Umbrella to log to a self-managed S3 bucket please follow the https://docs.umbrella.com/deployment-umbrella/docs/log-management[Cisco Umbrella User Guide], and the link:filebeat-input-s3.html[S3 input documentation] to setup the necessary Amazon SQS queue. Retrieving logs from a Cisco-managed S3 bucket is not currently supported.

This fileset supports all 4 log types:
- Proxy
Expand All @@ -396,7 +396,6 @@ The Cisco Umbrella fileset depends on the original file path structure being fol
<subfolder>/<YYYY>-<MM>-<DD>/<YYYY>-<MM>-<DD>-<hh>-<mm>-<xxxx>.csv.gz
dnslogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz

When configuring the fileset, please ensure that the Queue URL is set to the root folder that includes each of these subfolders above.

Example config:

Expand Down

0 comments on commit 4228b76

Please sign in to comment.