Hello, can i use dynamic variables with auditbeat? When i am typing any command (auditd module) i have to check one variable to prepare right audit event + add this variable to event. For all executing commands.
I lost all my variants:
- auditbeat reads systemd unit only when starts so it wont to help me (Environment option);
- gdb debugger not saving env variable (dont know why);
- write variable in auditbeat.yml or systemd unit + reload service before i execute any command - not good variant - no reliability + too overload (tons of service reloads).
Any variants pls?