Hi team, we are facing an issue when installing Auditbeat on a new machine that collects historical data from 2020 and 2021. Is there any way to fix this?
This is the configuration for Auditbeat:
auditbeat.modules:
- module: system
  datasets:
    - host # General host information, e.g. uptime, IPs
    - login # User logins, logouts, and system boots.
    - package # Installed, updated, and removed packages
    - process # Started and stopped processes
    - user # User information
  state.period: 12h
  # detect any changes.
  user.detect_password_changes: true
  # File patterns of the login record files.
  login.wtmp_file_pattern: /var/log/wtmp*
  login.btmp_file_pattern: /var/log/btmp*
#==================== Elasticsearch template setting ==========================
setup.template.settings:
  index.number_of_shards: 0
  #index.codec: best_compression
  #_source.enabled: false
setup.kibana:
output.logstash:
  hosts: ["172.16.xxx.xxx:50xx"]
#================================ Processors =====================================
# Configure processors to enhance or manipulate events generated by the beat.
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~