From e7b034b960d9671cf8ed0b64ba8bcef38d70d7cc Mon Sep 17 00:00:00 2001
From: Pablo Castorino <castorinop@gmail.com>
Date: Thu, 29 Sep 2016 16:14:15 -0300
Subject: [PATCH] switch to filebeats input

---
 elk/01-mailserver.conf  | 7 -------
 elk/02-beats-input.conf | 6 ++++++
 elk/Dockerfile          | 6 ++++--
 3 files changed, 10 insertions(+), 9 deletions(-)
 delete mode 100644 elk/01-mailserver.conf
 create mode 100644 elk/02-beats-input.conf

diff --git a/elk/01-mailserver.conf b/elk/01-mailserver.conf
deleted file mode 100644
index d7e4a74d..00000000
--- a/elk/01-mailserver.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-input {
-  udp {
-    port => 10514
-    type => "syslog"
-  }
-}
-
diff --git a/elk/02-beats-input.conf b/elk/02-beats-input.conf
new file mode 100644
index 00000000..a00d3f5b
--- /dev/null
+++ b/elk/02-beats-input.conf
@@ -0,0 +1,6 @@
+input {
+  beats {
+    port => 5044
+    ssl => false
+  }
+}
diff --git a/elk/Dockerfile b/elk/Dockerfile
index 9860497b..dc62c270 100644
--- a/elk/Dockerfile
+++ b/elk/Dockerfile
@@ -17,8 +17,10 @@ RUN mkdir  -p /usr/share/GeoIP && \
 WORKDIR ${LOGSTASH_HOME}
 RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip
 
-# add mailserver listen
-ADD 01-mailserver.conf /etc/logstash/conf.d/
+# override beats input 
+ADD 02-beats-input.conf /etc/logstash/conf.d/
 # override syslog
 ADD 10-syslog.conf /etc/logstash/conf.d/
 
+
+