counteractive/o365beat

Question regarding installing other modules on o365beat

ipninichuck opened this issue · 3 comments

Hello,

Once again I have a question about what beat utilities are available. In my use case I am using beats to pull cloud logs. I am curious if it is possible to install filebeat modules on o365beat and use them as additional inputs, or is the architecture of the beat different enough that this is not possible. Once again I apologize if this question seems straightforward, still learning about the inner workings of beats.

Glad to help, though I'm not sure I entirely understand the question. Filebeat has a variety of modules because it handles a wide variety of file types, whereas o365beat just has the one data source (the Management Activities API from Microsoft). We're exploring adding sibling projects to o365beat to handle the G Suite Reports API and/or other SaaS audit log sources, but those are planned as separate projects for now (not modules under o365beat). I go back and forth on whether it would be a good idea to be more general (maybe "apibeat" or "saasbeat") but the Unix philosophy is how we're handling it so far.

It's pretty typical for an organization to be running many different types of beats: winlogbeat for workstation logs, filebeat for server logs, etc. --- typically that's all integrated and enriched using something like logstash or piped directly into elasticsearch or another aggregator like graylog. They all work well alongside each other, even when running on the same system.

Does this answer your question?

My pleasure, thanks for the question! Don't hesitate to ask if something else comes up.