Auditbeat and dynamic variables - is it real?

Elastic Stack Beats
1

Hello, can i use dynamic variables with auditbeat? When i am typing any command (auditd module) i have to check one variable to prepare right audit event + add this variable to event. For all executing commands.

I lost all my variants:

  1. auditbeat reads systemd unit only when starts so it wont to help me (Environment option);
  2. gdb debugger not saving env variable (dont know why);
  3. write variable in auditbeat.yml or systemd unit + reload service before i execute any command - not good variant - no reliability + too overload (tons of service reloads).

Any variants pls?

2

Can you please give a concrete example. I'm having trouble understanding what you wish to accomplish.

3

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.