diff --git a/filebeat/config.sls b/filebeat/config.sls
index 952172d..12e1631 100644
--- a/filebeat/config.sls
+++ b/filebeat/config.sls
@@ -1,6 +1,6 @@
 {% from "filebeat/map.jinja" import conf with context %}
-{% if salt['pillar.get']('filebeat:logstash:tls:enabled', False) %}
+{% if salt['pillar.get']('filebeat:logstash:tls:use_custom_ca', False) %}
 {{ salt['pillar.get']('filebeat:logstash:tls:ssl_cert_path', '/etc/pki/tls/certs/logstash-forwarder.crt') }}:
 file.managed:
 - source: {{ salt['pillar.get']('filebeat:logstash:tls:ssl_cert', 'salt://filebeat/files/ca.pem') }}
diff --git a/filebeat/files/filebeat.jinja b/filebeat/files/filebeat.jinja
index 05fc670..4717333 100644
--- a/filebeat/files/filebeat.jinja
+++ b/filebeat/files/filebeat.jinja
@@ -11,6 +11,7 @@ filebeat:
 input_type: {{ log_path.get('input_type', 'log') }}
 document_type: {{ log_path.get('document_type', 'syslog') }}
 ignore_older: {{ log_path.get('ignore_older', '24h') }}
+ tail_files: {{ log_path.get('tail_files', 'false') }}
 scan_frequency: {{ log_path.get('scan_frequency', '10s') }}
 backoff: {{ log_path.get('backoff', '1s') }}
 max_backoff: {{ log_path.get('max_backoff', '10s') }}
@@ -61,10 +62,12 @@ output:
 {%- if 'tls' in logstash %}
 {%- if logstash.tls.get('enabled', False) %}
 tls:
+{%- if logstash.tls.get('use_custom_ca', False) %}
 certificate_authorities: ["{{ logstash.tls.ssl_cert_path }}"]
 {%- endif %}
 {%- endif %}
 {%- endif %}
+{%- endif %}
 shipper:
diff --git a/pillar.example b/pillar.example
index d274a1a..4ab9929 100644
--- a/pillar.example
+++ b/pillar.example
@@ -41,6 +41,9 @@ filebeat:
 server: 127.0.0.1:5044
 tls:
 enabled: True
+ # set to true to use your own certificate authority
+ # defaults to False and uses the system CAs
+ use_custom_ca: True
 # this is the public key from your ELK server
 # default path is salt://filebeat/files/ca.pem
 ssl_cert: salt://mycustom/filebeat/logstash-forwarder.crt
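Review bot: Existing pillars that set `tls:enabled: True` but do not yet carry `use_custom_ca` stop getting the CA file managed once the `{% if %}` guard at the top of config.sls keys on the new flag, and the template in filebeat.jinja drops `certificate_authorities` for them as well. Trust then moves without warning from the pinned CA to the system store, or the connection fails if Logstash presents a self-signed certificate. The guard also no longer looks at `enabled`, so the file is deployed even when TLS is off; `{% if tls_enabled and use_custom_ca %}` would keep the state and the template in agreement. At minimum add a comment above the guard such as `{# use_custom_ca defaults to False: pillars that relied on tls:enabled alone must add it to keep their CA pinned #}`. The file.managed state continues outside the hunk.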
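Review bot: The new `tail_files` option in the prospector block is not described in the pillar.example hunk of this commit, so operators enabling it get no hint of its effect on log coverage. With it set to true Filebeat starts each newly harvested file at its end, so lines already present are never shipped, which can leave a gap in centrally collected logs. Consider documenting it beside the other prospector keys, e.g. `# tail_files: True skips content already in a file when it is first picked up`. The prospector block continues outside the hunk.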
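Review bot: With `enabled` true and `use_custom_ca` false, the output section now renders a bare `tls:` key with no children, which YAML parses as null. Depending on the Filebeat version, this may be treated as "no TLS section", which would send logs in plaintext rather than over TLS with system CAs; this should be verified against the deployed version before relying on the default. A template comment above the new guard would record the assumption: `{#- bare "tls:" is emitted when use_custom_ca is False; confirm Filebeat still negotiates TLS #}`. Separately, `logstash.tls.ssl_cert_path` has no default here while config.sls falls back to `/etc/pki/tls/certs/logstash-forwarder.crt`, so a pillar that sets `use_custom_ca` without the path would likely render an empty CA entry. The output block continues outside the hunk.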