All,
First time working with anything from Elastic and I was starting with Auditbeat. I installed the package and the default configuration works. But if I want to log to a file to test the FIM, Auditbeat fails to start with this error:
May 13 00:04:00 instance-1 systemd[1]: auditbeat.service: main process exited, code=exited, status=1/FAILURE
May 13 00:04:00 instance-1 systemd[1]: Unit auditbeat.service entered failed state.
May 13 00:04:00 instance-1 systemd[1]: auditbeat.service failed.
May 13 00:04:01 instance-1 systemd[1]: auditbeat.service holdoff time over, scheduling restart.
May 13 00:04:01 instance-1 systemd[1]: start request repeated too quickly for auditbeat.service
May 13 00:04:01 instance-1 systemd[1]: Failed to start auditbeat.
May 13 00:04:01 instance-1 systemd[1]: Unit auditbeat.service entered failed state.
May 13 00:04:01 instance-1 systemd[1]: auditbeat.service failed.
I copied the config directly from the manual so maybe I am misunderstanding how these configs are supposed to look.
#------------------------------- File output -----------------------------------
output.file:
  enabled: true
  path: "/tmp/auditbeat"
  filename: auditbeat
  rotate_every_kb: 10000
  number_of_files: 7
  permissions: 0600
Can you point me to where I might be going wrong on this one?