I'm trying to get my Auditbeat running and I keep getting this error:
Exiting: 1 error: 1 error: failed to create audit client: failed to get audit status: operation not permitted
My Auditbeat config looks like this:
auditbeat:
  image: docker.elastic.co/beats/auditbeat:7.6.2
  pid: host
  cap_add:
    - AUDIT_CONTROL
    - AUDIT_READ
  command: -e -E 'output.elasticsearch.password=changeme'
  configs:
    - source: auditb_config.v3
      target: /usr/share/auditbeat/auditbeat.yml
  privileged: true
  networks:
    - elastic_elknet
When I deploy the stack I get this warning at the beginning of the deployment:
Ignoring unsupported options: cap_add, pid, privileged.
I'm running my yml file on version 3.7
Any suggestions would be appreciated.
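Because the deploy warning above says cap_add, pid and privileged were ignored, one way to confirm what the running container actually received is to decode the CapEff mask of the Auditbeat process. The script below is an added example, not part of the original post or of Auditbeat; the function names are hypothetical, the sample masks in the comments are constructed, and the bit numbers are the ones defined in linux/capability.h.

```shell
#!/bin/sh
# Added example: report whether a process holds the audit capabilities
# requested under cap_add in the service definition above.
# Bit positions from linux/capability.h.
CAP_AUDIT_CONTROL=30
CAP_AUDIT_READ=37

# has_cap HEXMASK BIT: succeeds if BIT is set in the hex capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_of FILE: print the CapEff value from a /proc/<pid>/status style file.
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# audit_caps_report HEXMASK: one line per capability; fails if any is missing.
# Constructed sample masks: 00000000a80425fb (neither bit set),
# 0000003fffffffff (both bits set).
audit_caps_report() {
    rc=0
    for pair in "CAP_AUDIT_CONTROL:$CAP_AUDIT_CONTROL" "CAP_AUDIT_READ:$CAP_AUDIT_READ"; do
        name=${pair%%:*}
        bit=${pair##*:}
        if has_cap "$1" "$bit"; then
            echo "$name present"
        else
            echo "$name MISSING"
            rc=1
        fi
    done
    return $rc
}

# Default to the current process; pass a saved status file as $1 to check another.
status_file=${1:-/proc/self/status}
if [ -r "$status_file" ]; then
    mask=$(cap_eff_of "$status_file")
    if [ -n "$mask" ]; then
        echo "CapEff: $mask"
        audit_caps_report "$mask" || echo "audit capabilities were not granted"
    fi
fi
```

Run it against a copy of the Auditbeat process's /proc/<pid>/status taken from inside the container; a MISSING line means the capability never reached the process, whatever the compose file requested.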