##Packetbeat configuration file##
packetbeat.interfaces.device: 0  ##the interface you want to capture traffic
packetbeat.protocols.dns:
    ports: [53]
output.logstash:
     hosts: ["192.168.0.130:50445"]  ##The Lumu VA IP and port
processors:
   - drop_event:
       when:
         equals:
                client.ip: 192.168.0.135  ##IP of the Packetbeat machine
   - include_fields:
       fields:
          - network.protocol
          - client.ip
          - dns.id
          - dns.op_code
          - dns.response_code
          - dns.question.type
          - dns.question.name
          - dns.question.class
          - dns.flags.authoritative
          - dns.flags.recursion_available
          - dns.flags.truncated_response
          - dns.flags.checking_disabled
          - dns.flags.recursion_desired
          - dns.flags.authentic_data
          - dns.answers
# logging.level: debug
# logging.to_eventlog: true