# The eve log files to read.
input:
  - /var/log/suricata/eve.json

# Elastic Search URL
elasticsearch: http://10.16.1.10:9200

# Elastic Search username and password.
#username: admin
#password: password

# Elastic Search index. -%{YYYY.MM.DD) will be appended, so this is just the
# prefix.
index: logstash

# For loading the EveBox template (Logstash compatible) into
# Elasticsearch. It is recommended to turn this option on if only
# using EveBox to add events to Elasticsearch. Leave disabled if
# already using Logstash or Filebeat on the same index.
#
# Default: false
#force-template: false

# Disable TLS certificate check.
#disable-certificate-check: true

# When no bookmark is present start reading at the end of the file.
end: true

# Enable bookmarking so esimport can continue reading from where it
# left off after a restart.
bookmark: true

# Set a filename to keep the bookmark in case esimport cannot write to
# the log directory.
#bookmark-filename: /var/tmp/eve.json.bookmark

# If reading from multiple eve files, a bookmark directory is
# required.
#bookmark-dir: /var/tmp/bookmarks

# Change the amount of events to batch per bulk request.
#batch-size: 1000

geoip:
  # GeoIP is enabled by default if a database can be found.
  disabled: false

  # Path to the database, if not set some standard locations are
  # checked.
  #
  # The database used is the MaxMind GeoLite2 database. See:
  #    http://dev.maxmind.com/geoip/geoip2/geolite2/
  # Quick setup:
  #    cd /etc/evebox
  #    curl -OL http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
  #
  #database-filename: /etc/evebox/GeoLite2-City.mmdb.gz
  #database-filename: /etc/evebox/GeoLite2-City.mmdb