Auditbeat configuration pass dynamic shell environment variable

Hi,

We need to get a custom field in Auditbeat Kibana logs, and this field's value has to come from a shell environment variable. The value of this shell environment variable can be different in each shell opened.

Thanks
Satendra

To confirm, you want to access an environment variable on the host where you have auditbeat running? Having a quick look at the docs, you could try using the add_field processor while using the value of the environment variable:

Hi Carly,

Thanks for your quick response.
In my case the environment variable is dynamic, i.e. its value is user-specific. Therefore the variable value may change on different shells.

Thanks
Satendra

So to confirm, is your variable name differing across shells? The second link shows how to extract the value of a known variable name.

Hi Carly,

No, the variable name remains the same, but the variable value changes across shells. The problem here is that the variable value is fetched from the shell when the Auditbeat daemon is started and remains constant after that.

Thanks
Satendra
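The behaviour described in the post above, reproduced with plain processes as an added example that is not part of the original thread and is not Auditbeat code: a long-running process keeps the environment it was started with, whatever other shells export later. The variable name `SESSION_USER`, the event format and the helper functions are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; SESSION_USER and the event format are hypothetical.

# Stand-in for the daemon: one long-running process started with the value
# in $1. It reads event lines on stdin and stamps each with the
# SESSION_USER from its OWN environment, which was fixed when it started.
daemon() {
    SESSION_USER="$1" sh -c '
        while IFS= read -r event; do
            printf "%s custom_user=%s\n" "$event" "$SESSION_USER"
        done'
}

# Stand-in for a login shell: a separate process with its own value of
# SESSION_USER, producing one activity event.
shell_event() {
    SESSION_USER="$1" sh -c 'echo "event=exec shell_user=$SESSION_USER"'
}

# Two shells with different values feed one daemon started with a third.
run_demo() {
    { shell_event alice; shell_event bob; } | daemon value-at-start
}

run_demo
```

Every event carries the value the daemon process was started with, while `shell_user` shows the value that was actually set in the shell that produced the event.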

OK, apologies, I'm not too sure on this one. Can you share your configuration, which Auditbeat modules you're using and perhaps the variable you're trying to capture? Someone else might have an idea based on your current configuration.

Hi Carly,

I am using the system module of Auditbeat. I am trying to capture a username environment variable, which is a customized one different from the "user.name" field captured in the Auditbeat log.
This environment variable is set whenever a user logs in to a host and opens a shell. In our requirement we want to pass this customized variable name and value with the activity happening on the logged terminal.

Thanks
Satendra
