diff --git a/filebeat/files/filebeat.jinja b/filebeat/files/filebeat.jinja
index f08ab78..a478348 100644
--- a/filebeat/files/filebeat.jinja
+++ b/filebeat/files/filebeat.jinja
@@ -1,5 +1,17 @@
 {%- set filebeat = salt['pillar.get']('filebeat', {}) %}
 filebeat:
+ modules:
+{%- set modules = filebeat.get('modules', {}) %}
+{%- for module in modules %}
+ - module: {{ module.name }}
+{%- for detail in module.details %}
+ {{ detail.name }}:
+ enabled: {{ detail.get('enabled', 'true') }}
+{%- if detail.get('paths') %}
+ var.paths: ["{{detail.paths|join('", "') }}"]
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
 prospectors:
 {%- set log_paths = filebeat.get('log_paths', ['/var/log/auth.log', '/var/log/syslog']) %}
 {%- for log_path in log_paths %}
diff --git a/pillar.example b/pillar.example
index d274a1a..ec26a53 100644
--- a/pillar.example
+++ b/pillar.example
@@ -3,7 +3,15 @@ filebeat:
 config_path: /etc/mycustom/filebeat/filebeat.yml
 config_source: salt://mycustom/filebeat/filebeat.jinja
 runlevels_install: True
-
+ modules:
+ -
+ name: 'system'
+ details:
+ -
+ name: 'syslog'
+ enabled: 'true'
+ paths:
+ - '/path/to/log/syslog*'
 # if no log_paths specified, generic syslogs are default
 log_paths:
 -
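Review bot: The pillar values in the new `modules:` block of filebeat.jinja are written into the YAML unescaped: `{{ module.name }}`, `{{ detail.name }}` and the hand-built `["{{detail.paths|join('", "') }}"]`. A name or path containing `"`, `\`, `: ` or a newline would therefore render as invalid or differently structured Filebeat configuration. Pillar data is normally operator-controlled, but where it is merged from external pillar sources this is worth closing by letting a serializer do the quoting, for example `var.paths: {{ detail.paths | json }}` and `- module: {{ module.name | yaml_dquote }}`. Separately, `filebeat.get('modules', {})` defaults to a dict although the loop expects a list of mappings, and with no modules configured the template still emits a bare `modules:` key. Using `{%- set modules = filebeat.get('modules', []) %}` and wrapping the block in `{%- if modules %}` would avoid both.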