Auditbeat Exclusion of Process

testtest · December 24, 2025, 9:25am

Hi All,

Could someone help me with exclude any process executable related to this path

/usr/local/manageengine/uems_agent/bin/*

(I can see a lot of incoming logs related to

/usr/local/manageengine/uems_agent/bin/dcpatchscan

/usr/local/manageengine/uems_agent/bin/dcconfig

/usr/local/manageengine/uems_agent/bin/dcservice

/usr/local/manageengine/uems_agent/bin/dcinventory

/usr/local/manageengine/uems_agent/bin/dcondemand

appreciate your help!

Tortoise · December 24, 2025, 10:18am

Welcome to the Community!!

We can use drop_event in the yaml :

Example :

Thanks!!

Topic		Replies	Views
What is Auditbeat audit syntax to exclude a process or path? Beats auditbeat	2	1884	February 19, 2022
Auditbeat 7.3: Как добавить исключение auditd Вопросы на русском языке	5	986	November 27, 2019
Log All User's Shell Activity Beats auditbeat	3	3953	September 8, 2018
Excluded_files doesn't seem to work Beats auditbeat	1	366	August 26, 2021
Auditbeat showing logs that are filtered out Beats auditbeat	2	482	February 17, 2019