Hello,
I'm trying to get my Auditbeat running and I keep getting this error:
Exiting: 1 error: 1 error: failed to create audit client: failed to get audit status: operation not permitted
My Auditbeat config looks like this:
auditbeat:
  image: docker.elastic.co/beats/auditbeat:7.6.2
  pid: host
  cap_add:
    - AUDIT_CONTROL
    - AUDIT_READ
  command: -e -E 'output.elasticsearch.password=changeme'
  configs:
    - source: auditb_config.v3
      target: /usr/share/auditbeat/auditbeat.yml
  privileged: true
  networks:
    - elastic_elknet
When I deploy the stack I get this warning at the beginning of the deployment:
Ignoring unsupported options: cap_add, pid, privileged.
I'm running my yml file on version 3.7
Any suggestions would be appreciated,
Thanks