Auditbeat and dynamic variables - is it real?

eee71 · April 22, 2020, 4:40pm

Hello, can i use dynamic variables with auditbeat? When i am typing any command (auditd module) i have to check one variable to prepare right audit event + add this variable to event. For all executing commands.

I lost all my variants:

auditbeat reads systemd unit only when starts so it wont to help me (Environment option);
gdb debugger not saving env variable (dont know why);
write variable in auditbeat.yml or systemd unit + reload service before i execute any command - not good variant - no reliability + too overload (tons of service reloads).

Any variants pls?

andrewkroh · May 7, 2020, 3:06pm

Can you please give a concrete example. I'm having trouble understanding what you wish to accomplish.

system · May 28, 2020, 3:06pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat configuration pass dynamic shell environment variable Beats auditbeat	7	383	November 18, 2022
Beats environment variable not working Beats auditbeat	2	323	September 1, 2020
Auditbeat 7.x on CentOS 7 logging to /var/log/messages Beats auditbeat	3	1394	June 26, 2019
Auditbeat not displayiing parameters Beats auditbeat	4	469	November 4, 2022
Capture environment variable Beats filebeat	7	2420	July 5, 2017

Auditbeat and dynamic variables - is it real?

Related topics