auditbeat file integrity doesn't scans shares nor mount points
I tried to mount windows share to a windows machine with a auditbeat on it mapped to Z:
The auditbeat does not recognizing changes there
moreover i tried mounting the same share to a linux machine and the beat doesn't recognizing changes as well
but when i restart the auditbeat on linux it detected the changes
any ideas about windows and linux ?
From the file_integrity docs https://www.elastic.co/guide/en/beats/auditbeat/7.x/auditbeat-module-file_integrity.html:
The file integrity module should not be used to monitor paths on network file systems.
To expand on that more, the reason is that OS features used to monitor changes in real-time don't work on network filesystems. Generally they can only observe changes when writer is running locally.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.