Auditbeat file integrity doesn't scans shares

auditbeat file integrity doesn't scans shares nor mount points

I tried to mount windows share to a windows machine with a auditbeat on it mapped to Z:
The auditbeat does not recognizing changes there

moreover i tried mounting the same share to a linux machine and the beat doesn't recognizing changes as well
but when i restart the auditbeat on linux it detected the changes

any ideas about windows and linux ?

From the file_integrity docs

The file integrity module should not be used to monitor paths on network file systems.

To expand on that more, the reason is that OS features used to monitor changes in real-time don't work on network filesystems. Generally they can only observe changes when writer is running locally.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.