Auditbeat 7.8 file integrity module

Mohammad_Etemad · October 30, 2020, 1:06pm

Hello,

I am using auditbeat to track file changes via the file integrity module. This works for a couple of minutes and logs the changes to files, but then stops working and no changes are detected anymore. Is this a known bug or am I configuring something wrong? Here is my yaml file:

 - module: file_integrity
  paths:
  - /etc/keepalived/keepalived.conf
  include_files:
  - '\.conf$'
  scan_at_start: true
  scan_rate_per_sec: 50 MiB
  max_file_size: 100 MiB
  hash_types: [sha1]
  recursive: false

jsoriano · November 3, 2020, 12:58pm

Hey @Mohammad_Etemad,

How are you running Auditbeat? Are the monitored files in the same system or they are mounted using some network volume?

Could you try with the latest version of Auditbeat?

Mohammad_Etemad · November 3, 2020, 3:17pm

@jsoriano The service is running as a systemd service. Files are not remote, all local. I can give it a try with the latest auditbeat but I did not see any specific notes in the change logs.

jsoriano · November 3, 2020, 5:15pm

Could you enable debug logging and check if you see anything related?

system · December 1, 2020, 7:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat 7.x file integrity module Beats auditbeat	2	457	April 8, 2021
Help: auditbeat's file_integrity module not sending logs for created/modified/deleted files Beats auditbeat	1	237	September 24, 2023
File integrity module not capturing user data Beats auditbeat	2	459	April 22, 2019
Multiple auditbeat file_integrity module configurations Beats auditbeat	1	366	January 21, 2021
After a folder is deleted and recreated, file_integrity events are missing until service restart Beats auditbeat	2	332	June 28, 2023

Auditbeat 7.8 file integrity module

Related Topics