diff --git a/docs/_include/log-shipping/certificate.md b/docs/_include/log-shipping/certificate.md index 91719eab..d542df5f 100644 --- a/docs/_include/log-shipping/certificate.md +++ b/docs/_include/log-shipping/certificate.md @@ -4,5 +4,5 @@ For HTTPS shipping, download the Logz.io public certificate to your certificate ```shell -sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt +sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/AAACertificateServices.crt ``` \ No newline at end of file diff --git a/docs/_include/log-shipping/syslog-filebeat.md b/docs/_include/log-shipping/syslog-filebeat.md index c6f3c61f..2c6ad12b 100644 --- a/docs/_include/log-shipping/syslog-filebeat.md +++ b/docs/_include/log-shipping/syslog-filebeat.md @@ -27,5 +27,5 @@ output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` \ No newline at end of file diff --git a/docs/_include/log-shipping/validate-yaml.md b/docs/_include/log-shipping/validate-yaml.md index c6bbc29d..77175f25 100644 --- a/docs/_include/log-shipping/validate-yaml.md +++ b/docs/_include/log-shipping/validate-yaml.md @@ -2,6 +2,6 @@ When you're done adding your sources, click **Make the config file** to download it. -You can compare it to our [sample configuration](https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/logz-filebeat-config.yml) if you have questions. +You can compare it to our [sample configuration](https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/logz-filebeat-config.yml) if you have questions. Validate the file using a YAML validator tool, such as ([Yamllint.com](http://www.yamllint.com/). \ No newline at end of file diff --git a/docs/shipping/Access-Management/active-directory.md b/docs/shipping/Access-Management/active-directory.md index d5db10af..3d27c608 100644 --- a/docs/shipping/Access-Management/active-directory.md +++ b/docs/shipping/Access-Management/active-directory.md @@ -26,7 +26,7 @@ Active Directory is a directory service developed by Microsoft for Windows domai Download the [Logz.io public certificate]({@include: ../../_include/log-shipping/certificate-path.md}) -to `C:\ProgramData\Winlogbeat\COMODORSADomainValidationSecureServerCA.crt` +to `C:\ProgramData\Winlogbeat\AAACertificateServices.crt` on your machine. ### Configure Windows applications as an input @@ -93,7 +93,7 @@ Winlogbeat can have one output only, so remove any other `output` entries. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['C:\ProgramData\Winlogbeat\COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['C:\ProgramData\Winlogbeat\AAACertificateServices.crt'] ``` ### Restart Winlogbeat diff --git a/docs/shipping/CI-CD/gitlab.md b/docs/shipping/CI-CD/gitlab.md index 59cad1df..34a04ec7 100644 --- a/docs/shipping/CI-CD/gitlab.md +++ b/docs/shipping/CI-CD/gitlab.md @@ -193,7 +193,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/CI-CD/jenkins.md b/docs/shipping/CI-CD/jenkins.md index cc01c49f..ba9bf90e 100644 --- a/docs/shipping/CI-CD/jenkins.md +++ b/docs/shipping/CI-CD/jenkins.md @@ -106,7 +106,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` #### Start Filebeat diff --git a/docs/shipping/CI-CD/puppet.md b/docs/shipping/CI-CD/puppet.md index 1308f80e..9250a35d 100644 --- a/docs/shipping/CI-CD/puppet.md +++ b/docs/shipping/CI-CD/puppet.md @@ -167,7 +167,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ##### Start Filebeat diff --git a/docs/shipping/Compute/apache-http-server.md b/docs/shipping/Compute/apache-http-server.md index ab379e4b..cbc29c0e 100644 --- a/docs/shipping/Compute/apache-http-server.md +++ b/docs/shipping/Compute/apache-http-server.md @@ -143,7 +143,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Containers/oracle-cloud-infrastructure-container-engine-for-kubernetes.md b/docs/shipping/Containers/oracle-cloud-infrastructure-container-engine-for-kubernetes.md index 1cf737ae..9857892e 100644 --- a/docs/shipping/Containers/oracle-cloud-infrastructure-container-engine-for-kubernetes.md +++ b/docs/shipping/Containers/oracle-cloud-infrastructure-container-engine-for-kubernetes.md @@ -62,7 +62,7 @@ Run the relevant command for your type of deployment. ##### Deploy the standard configuration ```shell -kubectl apply -f https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/k8s-filebeat-oke.yaml -f https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/filebeat-standard-configuration.yaml +kubectl apply -f https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/shipping-config-samples/k8s-filebeat-oke.yaml -f https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/filebeat-standard-configuration.yaml ``` ##### Deploy the standard configuration with Filebeat autodiscover enabled @@ -70,17 +70,17 @@ kubectl apply -f https://raw.githubusercontent.com/logzio/logz-docs/master/shipp Autodiscover allows you to adapt settings as changes happen. By defining configuration templates, the autodiscover subsystem can monitor services as they start running. See Elastic documentation to [learn more about Filebeat Autodiscover](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-autodiscover.html). ```shell -kubectl apply -f https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/k8s-filebeat-oke.yaml -f https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/filebeat-autodiscovery-configuration.yaml +kubectl apply -f https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/k8s-filebeat-oke.yaml -f https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/filebeat-autodiscovery-configuration.yaml ``` ##### Deploy a custom configuration -If you want to apply your own custom configuration, download the standard `configmap.yaml` file from the [Logz.io GitHub repo](https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/filebeat-standard-configuration.yaml) and apply your changes. Make sure to keep the file structure unchanged. +If you want to apply your own custom configuration, download the standard `configmap.yaml` file from the [Logz.io GitHub repo](https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/filebeat-standard-configuration.yaml) and apply your changes. Make sure to keep the file structure unchanged. Run the following command to download the file: ```shell -wget https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/filebeat-standard-configuration.yaml +wget https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/filebeat-standard-configuration.yaml ``` Apply your custom configuration to the parameters under `filebeat.yml` and only there. The filebeat.yml field contains a basic Filebeat configuration. You should not change the 'output' field (indicated in the example below). See Elastic documentation to [learn more about Filebeat configuration options](https://www.elastic.co/guide/en/beats/filebeat/current/configuring-howto-filebeat.html). @@ -121,13 +121,13 @@ filebeat.yml: |- logstash: hosts: ["${LOGZIO_LOGS_LISTENER_HOST}:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/SectigoRSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` Run the following to deploy your custom Filebeat configuration: ```shell -kubectl apply -f https://raw.githubusercontent.com/logzio/logz-docs/master/shipping-config-samples/k8s-filebeat-oke.yaml -f <> +kubectl apply -f https://raw.githubusercontent.com/logzio/documentation/refs/heads/master/docs/_include/general-shipping/shipping-config-samples/k8s-filebeat-oke.yaml -f <> ``` #### Check Logz.io for your logs diff --git a/docs/shipping/Database/mysql.md b/docs/shipping/Database/mysql.md index 82105697..a39662d7 100644 --- a/docs/shipping/Database/mysql.md +++ b/docs/shipping/Database/mysql.md @@ -194,7 +194,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` #### Start Filebeat diff --git a/docs/shipping/Distributed-Messaging/apache-storm.md b/docs/shipping/Distributed-Messaging/apache-storm.md index 1106fe57..3934e7a3 100644 --- a/docs/shipping/Distributed-Messaging/apache-storm.md +++ b/docs/shipping/Distributed-Messaging/apache-storm.md @@ -109,7 +109,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/GCP/gcp-stackdriver.md b/docs/shipping/GCP/gcp-stackdriver.md index 72ed564b..b7410a56 100644 --- a/docs/shipping/GCP/gcp-stackdriver.md +++ b/docs/shipping/GCP/gcp-stackdriver.md @@ -371,7 +371,7 @@ output.logstash: ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` For a full list of available Filebeat configuration options for the Google Workspace module, please see Filebeat's [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-google_workspace.html). diff --git a/docs/shipping/Load-Balancer/nginx.md b/docs/shipping/Load-Balancer/nginx.md index 3d3a3563..ce730ccb 100644 --- a/docs/shipping/Load-Balancer/nginx.md +++ b/docs/shipping/Load-Balancer/nginx.md @@ -129,7 +129,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` #### Start Filebeat diff --git a/docs/shipping/Network/juniper-srx.md b/docs/shipping/Network/juniper-srx.md index 79f4db1b..aaf67182 100644 --- a/docs/shipping/Network/juniper-srx.md +++ b/docs/shipping/Network/juniper-srx.md @@ -93,7 +93,7 @@ Copy and paste the following code block directly below. It sets Logz.io as the o output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Network/network-device.md b/docs/shipping/Network/network-device.md index e9efdb8a..502c7d5d 100644 --- a/docs/shipping/Network/network-device.md +++ b/docs/shipping/Network/network-device.md @@ -72,7 +72,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Network/openvpn.md b/docs/shipping/Network/openvpn.md index 5793e094..9e287a6f 100644 --- a/docs/shipping/Network/openvpn.md +++ b/docs/shipping/Network/openvpn.md @@ -73,7 +73,7 @@ Paste the following into the inputs section of the Filebeat configuration file: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` If you're running Filebeat 7 to 8.1, paste the code block below instead: @@ -112,7 +112,7 @@ If you're running Filebeat 7 to 8.1, paste the code block below instead: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Other/axonius.md b/docs/shipping/Other/axonius.md index 201df7f7..e5c19d8b 100644 --- a/docs/shipping/Other/axonius.md +++ b/docs/shipping/Other/axonius.md @@ -80,7 +80,7 @@ By default, syslog will be forwarded over port 514. Feel free to adjust this, ba output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` * Replace `<>` with the address of your server running Filebeat. diff --git a/docs/shipping/Other/beats.md b/docs/shipping/Other/beats.md index 1125d9c9..8238495d 100644 --- a/docs/shipping/Other/beats.md +++ b/docs/shipping/Other/beats.md @@ -60,7 +60,7 @@ This document describes the way to get logs from your system to Logz.io using an logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` 7. {@include: ../../_include/log-shipping/listener-var.html} 8. Save the changes. diff --git a/docs/shipping/Other/bunny-net.md b/docs/shipping/Other/bunny-net.md index c6b7202f..975de55d 100644 --- a/docs/shipping/Other/bunny-net.md +++ b/docs/shipping/Other/bunny-net.md @@ -103,7 +103,7 @@ sudo openssl req -newkey rsa:2048 -nodes \ output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` * Replace `<>` with the address of your server running Filebeat. diff --git a/docs/shipping/Other/microsoft-365.md b/docs/shipping/Other/microsoft-365.md index 77a15787..b73e49bf 100644 --- a/docs/shipping/Other/microsoft-365.md +++ b/docs/shipping/Other/microsoft-365.md @@ -69,7 +69,7 @@ For HTTPS shipping, download the Logz.io public certificate to your certificate ```shell -curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o C:\ProgramData\filebeat\COMODORSADomainValidationSecureServerCA.crt +curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o C:\ProgramData\filebeat\AAACertificateServices.crt ``` ### Configure Filebeat @@ -108,7 +108,7 @@ curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACert # - "Audit.General" # - "DLP.All" # Use the following settings to enable certificate-based authentication: - #var.certificate: "C:\ProgramData\filebeat1\COMODORSADomainValidationSecureServerCA.crt" + #var.certificate: "C:\ProgramData\filebeat1\AAACertificateServices.crt" # var.key: "/path/to/private_key.pem" # var.key_passphrase: "myPrivateKeyPassword" # Client-secret based authentication: @@ -158,7 +158,7 @@ curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACert logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['C:\ProgramData\filebeat\COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['C:\ProgramData\filebeat\AAACertificateServices.crt'] ``` * {@include: ../../_include/log-shipping/log-shipping-token.md} diff --git a/docs/shipping/Other/rsyslog.md b/docs/shipping/Other/rsyslog.md index a6f56578..c7f757bb 100644 --- a/docs/shipping/Other/rsyslog.md +++ b/docs/shipping/Other/rsyslog.md @@ -80,7 +80,7 @@ $InputFileSeverity info $InputFilePersistStateInterval 20000 $InputRunFileMonitor -$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt +$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/AAACertificateServices.crt $ActionSendStreamDriver gtls $ActionSendStreamDriverMode 1 $ActionSendStreamDriverAuthMode x509/name diff --git a/docs/shipping/Other/sysmon.md b/docs/shipping/Other/sysmon.md index 57d4a8b9..ee341099 100644 --- a/docs/shipping/Other/sysmon.md +++ b/docs/shipping/Other/sysmon.md @@ -30,7 +30,7 @@ Sysmon (System Monitor) is a Windows system service that monitors and logs syste Download the [Logz.io public certificate]({@include: ../../_include/log-shipping/certificate-path.md}) -to `C:\ProgramData\Winlogbeat\COMODORSADomainValidationSecureServerCA.crt` +to `C:\ProgramData\Winlogbeat\AAACertificateServices.crt` on your machine. ### Configure Windows applications as an input @@ -69,7 +69,7 @@ processors: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['C:\ProgramData\Winlogbeat\COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['C:\ProgramData\Winlogbeat\AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/auditbeat.md b/docs/shipping/Security/auditbeat.md index 16767802..214cf5ca 100644 --- a/docs/shipping/Security/auditbeat.md +++ b/docs/shipping/Security/auditbeat.md @@ -152,7 +152,7 @@ auditbeat.modules: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/check-point.md b/docs/shipping/Security/check-point.md index 89abc017..a4735792 100644 --- a/docs/shipping/Security/check-point.md +++ b/docs/shipping/Security/check-point.md @@ -136,7 +136,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Security/cisco-asa.md b/docs/shipping/Security/cisco-asa.md index 8128015c..432ea51b 100644 --- a/docs/shipping/Security/cisco-asa.md +++ b/docs/shipping/Security/cisco-asa.md @@ -103,7 +103,7 @@ If Logz.io is not an output, add it now. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Security/cisco-meraki.md b/docs/shipping/Security/cisco-meraki.md index 27a47765..5f1e20e4 100644 --- a/docs/shipping/Security/cisco-meraki.md +++ b/docs/shipping/Security/cisco-meraki.md @@ -84,7 +84,7 @@ processors: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` {@include: ../../_include/general-shipping/replace-placeholders.html} diff --git a/docs/shipping/Security/cynet.md b/docs/shipping/Security/cynet.md index 3cdf6d80..5079d77e 100644 --- a/docs/shipping/Security/cynet.md +++ b/docs/shipping/Security/cynet.md @@ -84,7 +84,7 @@ These instructions are based on UDP. If you want to use TCP, make sure your sysl output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` * 9000 is the port we suggest. If you use a different port, replace the default values with your parameters. diff --git a/docs/shipping/Security/eset.md b/docs/shipping/Security/eset.md index 54ff079a..d9eaa4f1 100644 --- a/docs/shipping/Security/eset.md +++ b/docs/shipping/Security/eset.md @@ -87,7 +87,7 @@ processors: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/fail2ban.md b/docs/shipping/Security/fail2ban.md index 8447fc17..0cea3c7e 100644 --- a/docs/shipping/Security/fail2ban.md +++ b/docs/shipping/Security/fail2ban.md @@ -91,7 +91,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Security/falco.md b/docs/shipping/Security/falco.md index 137e168e..2011a516 100644 --- a/docs/shipping/Security/falco.md +++ b/docs/shipping/Security/falco.md @@ -219,7 +219,7 @@ filebeat.registry.path: /var/lib/filebeat output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` If you're running Filebeat 7 to 8.1, paste the code block below instead: @@ -257,7 +257,7 @@ processors: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/fortigate.md b/docs/shipping/Security/fortigate.md index 55e16e8e..5f07196f 100644 --- a/docs/shipping/Security/fortigate.md +++ b/docs/shipping/Security/fortigate.md @@ -116,7 +116,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Security/hashicorp-vault.md b/docs/shipping/Security/hashicorp-vault.md index 23e534c5..cfcd91d1 100644 --- a/docs/shipping/Security/hashicorp-vault.md +++ b/docs/shipping/Security/hashicorp-vault.md @@ -102,7 +102,7 @@ processors: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` If you're running Filebeat 7 to 8.1, paste the code block below instead: @@ -151,7 +151,7 @@ processors: output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/mcafee-epolicy-orchestrator.md b/docs/shipping/Security/mcafee-epolicy-orchestrator.md index 8bd4462c..8ec2572e 100644 --- a/docs/shipping/Security/mcafee-epolicy-orchestrator.md +++ b/docs/shipping/Security/mcafee-epolicy-orchestrator.md @@ -117,7 +117,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Security/modsecurity.md b/docs/shipping/Security/modsecurity.md index 96c46059..225ea31a 100644 --- a/docs/shipping/Security/modsecurity.md +++ b/docs/shipping/Security/modsecurity.md @@ -55,7 +55,7 @@ output: logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` If you're running Filebeat 7 to 8.1, paste the code block below instead: @@ -100,7 +100,7 @@ output: logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/openvas.md b/docs/shipping/Security/openvas.md index 57b38832..72adcabc 100644 --- a/docs/shipping/Security/openvas.md +++ b/docs/shipping/Security/openvas.md @@ -66,7 +66,7 @@ output: logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` @@ -115,7 +115,7 @@ output: logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/ossec.md b/docs/shipping/Security/ossec.md index 1873b934..bb8b6a47 100644 --- a/docs/shipping/Security/ossec.md +++ b/docs/shipping/Security/ossec.md @@ -115,7 +115,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ##### Start Filebeat diff --git a/docs/shipping/Security/palo-alto-networks.md b/docs/shipping/Security/palo-alto-networks.md index 5434dbf7..7f7f0221 100644 --- a/docs/shipping/Security/palo-alto-networks.md +++ b/docs/shipping/Security/palo-alto-networks.md @@ -161,7 +161,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ##### Start Filebeat diff --git a/docs/shipping/Security/pfsense.md b/docs/shipping/Security/pfsense.md index 0e309f92..8bea6b4f 100644 --- a/docs/shipping/Security/pfsense.md +++ b/docs/shipping/Security/pfsense.md @@ -89,7 +89,7 @@ By default, syslog will be forwarded over port 514. Feel free to adjust this, ba output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` * Replace `<>` with the address of your server running Filebeat. diff --git a/docs/shipping/Security/sentinelone.md b/docs/shipping/Security/sentinelone.md index 133238a2..dda5de78 100644 --- a/docs/shipping/Security/sentinelone.md +++ b/docs/shipping/Security/sentinelone.md @@ -97,7 +97,7 @@ output: logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/sonicwall.md b/docs/shipping/Security/sonicwall.md index fb1fbf33..3636abec 100644 --- a/docs/shipping/Security/sonicwall.md +++ b/docs/shipping/Security/sonicwall.md @@ -94,7 +94,7 @@ It sets Logz.io as the output. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` diff --git a/docs/shipping/Security/sophos.md b/docs/shipping/Security/sophos.md index 7df284fc..3ff07968 100644 --- a/docs/shipping/Security/sophos.md +++ b/docs/shipping/Security/sophos.md @@ -63,7 +63,7 @@ output: logstash: hosts: ["<>"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` If you're running Filebeat 7 to 8.1, paste the code block below instead: @@ -108,7 +108,7 @@ output: logstash: hosts: ["<>"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` @@ -222,7 +222,7 @@ output: logstash: hosts: ["<>"] ssl: - certificate_authorities: ['C:\ProgramData\Filebeat\COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['C:\ProgramData\Filebeat\AAACertificateServices.crt'] ``` {@include: ../../_include/log-shipping/listener-var.html} diff --git a/docs/shipping/Security/stormshield.md b/docs/shipping/Security/stormshield.md index bc4472a2..34f46e8e 100644 --- a/docs/shipping/Security/stormshield.md +++ b/docs/shipping/Security/stormshield.md @@ -77,7 +77,7 @@ Still in the same configuration file, check if Logz.io is already an output. If output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` {@include: ../../_include/log-shipping/listener-url.html} diff --git a/docs/shipping/Security/trend-micro.md b/docs/shipping/Security/trend-micro.md index 6ea8ece1..2cca6bc8 100644 --- a/docs/shipping/Security/trend-micro.md +++ b/docs/shipping/Security/trend-micro.md @@ -91,7 +91,7 @@ Still in the same configuration file, check if Logz.io is already an output. If output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` {@include: ../../_include/log-shipping/listener-url.html} diff --git a/docs/shipping/Security/wazuh.md b/docs/shipping/Security/wazuh.md index b480cab3..7b47586b 100644 --- a/docs/shipping/Security/wazuh.md +++ b/docs/shipping/Security/wazuh.md @@ -107,7 +107,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/shipping/Security/windows-defender.md b/docs/shipping/Security/windows-defender.md index 819e07f7..93ab481e 100644 --- a/docs/shipping/Security/windows-defender.md +++ b/docs/shipping/Security/windows-defender.md @@ -65,7 +65,7 @@ Now click **OK** to exit all those dialogs you just opened. 😬 Download the [Logz.io public certificate]({@include: ../../_include/log-shipping/certificate-path.md}) -to `C:\ProgramData\Winlogbeat\COMODORSADomainValidationSecureServerCA.crt` +to `C:\ProgramData\Winlogbeat\AAACertificateServices.crt` on your machine. ### Configure Windows input @@ -129,7 +129,7 @@ Winlogbeat can have one output only, so remove any other `output` entries. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['C:\ProgramData\Winlogbeat\COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['C:\ProgramData\Winlogbeat\AAACertificateServices.crt'] ``` ### Restart Winlogbeat diff --git a/docs/shipping/Security/zeek.md b/docs/shipping/Security/zeek.md index 2ea75f8f..8c6af329 100644 --- a/docs/shipping/Security/zeek.md +++ b/docs/shipping/Security/zeek.md @@ -156,7 +156,7 @@ Remove all other outputs. output.logstash: hosts: ["<>:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Start Filebeat diff --git a/docs/user-guide/log-management/troubleshooting/troubleshooting-filebeat.md b/docs/user-guide/log-management/troubleshooting/troubleshooting-filebeat.md index 0ca9e201..e60ad2c0 100644 --- a/docs/user-guide/log-management/troubleshooting/troubleshooting-filebeat.md +++ b/docs/user-guide/log-management/troubleshooting/troubleshooting-filebeat.md @@ -114,7 +114,7 @@ Instead of this: output.logstash: hosts: ["listenerlogz.io:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` The code should look like this: @@ -124,7 +124,7 @@ output: logstash: hosts: ["listener.logz.io:5015"] ssl: - certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] + certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt'] ``` ### Problem: Connection error @@ -177,7 +177,7 @@ Test-NetConnection listener.logz.io -Port 5015 Confirm that you have downloaded and placed the correct certificate in the correct location. * To find the location of the certificate, open the filebeat.yml file and search for the field `certificate_authorities`. In our example configuration, we recommend the following location: -certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt'] +certificate_authorities: ['/etc/pki/tls/certs/AAACertificateServices.crt']

Check if your server has access to the Logz.io listener