Auditbeat collects old data on Linux system

Hi team, we are facing an issue when installing Auditbeat on a new machine: it collects historical data (2020, 2021). Is there any way to fix this?
This is the configuration for Auditbeat:

```yaml
auditbeat.modules:
- module: system
  datasets:
    - host    # General host information, e.g. uptime, IPs
    - login   # User logins, logouts, and system boots.
    - package # Installed, updated, and removed packages
    - process # Started and stopped processes
    - user    # User information

  state.period: 12h

  # detect any changes.
  user.detect_password_changes: true

  # File patterns of the login record files.
  login.wtmp_file_pattern: /var/log/wtmp*
  login.btmp_file_pattern: /var/log/btmp*

#==================== Elasticsearch template setting ==========================
setup.template.settings:
  index.number_of_shards: 0
  #index.codec: best_compression
  #_source.enabled: false

setup.kibana:

output.logstash:
  hosts: ["172.16.xxx.xxx:50xx"]

#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
```