Additional zeek module log files

[111andre111]

Describe the enhancement:
I checked again the existing log types that exist in filebeat because of a test I made with zeek 3.0.
https://docs.zeek.org/en/current/script-reference/log-files.html
These issues
elastic/beats#12724
elastic/beats#12812
elastic/beats#14150
elastic/beats#14404

I did now produce a list of all logs to identify all missing log types:

• barnyard2.log
• broker.log
• cluster.log
• config.log
• known_certs.log
• known_hosts.log
• known_modbus.log
• known_services.log
• loaded_scripts.log
• modbus_register_change.log
• netcontrol_catch_release.log
• netcontrol_drop.log
• netcontrol_shunt.log
• netcontrol.log
• notice_alarm.log
• ntp.log - [Filebeat] Add Zeek NTP Fileset beats#24224
• openflow.log
• packet_filter.log
• print.log
• prof.log
• reporter.log
• signatures.log - [Filebeat] Add Zeek Signatures fileset beats#23772
• software.log
• stderr.log
• stdout.log
• unified2.log
• weird_stats.log

One special part is extra

• signatures.log was already committed contributed but not merged but never made it into release somehow unfortunately.
  At the moment because this one using seek module need you to disable the signatures.log logtype:
  https://github.com/elastic/beats/blob/v7.7.0/x-pack/filebeat/modules.d/zeek.yml.disabled#L49-L50

zeek-log-types.xlsx

Additionally documentation doesn't have much information about how to configure seek module:
https://www.elastic.co/guide/en/beats/filebeat/7.7/filebeat-module-zeek.html

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[andrewkroh]

The signatures.log fileset was never actually merged into Filebeat. I've opened a PR to fix the default config. We'll have to extract the signatures fileset from the closed PR and bring it into master. elastic/beats#18878

[legoguy1000]

signature and ntp have been merged, elastic/beats#23772 and elastic/beats#24224

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[botelastic]

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

[rwaight]

This issue is relevant and should be worked on. The current version of Zeek (4.2.0) has a list of 65 .log files.

[111andre111]

Yes @rwaight that would be really neat if we could have some progress here.

[jamiehynds]

Moved from Beats to Integration repo as enhancements to our Zeek support will be focused on our agent integration.

[austinarmbruster-elastic]

👍 Zeek logs are coming up in a new deal with a customer. Still discovering the details on which specific log types must be supported.

[botelastic]

Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!