Auditbeat inputs question

zaheerabbas1988 · June 6, 2023, 11:10am

Hello ELK community,

I have a scenario where I need to input a specific log file into Auditbeat. In Filebeat, I can achieve this easily by configuring the log file path in the filebeat.inputs section. However, I was wondering if a similar approach is possible in Auditbeat without having to install both Auditbeat and Filebeat on the same machine.

Is there a way to configure a specific log file input in Auditbeat, similar to how it is done in Filebeat? I want to avoid the overhead of managing two separate Beat installations on a single machine.

Any insights or recommendations would be greatly appreciated.

Thank you in advance for your help!

carly.richmond · June 8, 2023, 9:33am

Hi @zaheerabbas1988,

Others might know otherwise, but I don't think Auditbeat can ingest from files as it takes input from the supported modules.

Can you explain if this is an application log or other source? I'm assuming your file doesn't contain the metrics that AuditBeat intends to capture in the file.

zaheerabbas1988 · June 8, 2023, 3:37pm

Hi Carly, Many thanks for your time and reply.

You are correct. It's basically a custom script listening to incoming webhooks and storing logs related to that in a /var/foo/bar.log.

system · July 6, 2023, 5:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat output setting on modules Beats filebeat	2	306	September 1, 2020
Needs to drop audit beat data Logstash	2	186	September 22, 2022
Filebeats not pulling logs Beats	1	466	May 29, 2019
Auditbeat or Filebeat Beats filebeat , auditbeat	4	623	September 23, 2020
How to ingest a log file from source system to Kibana through Filebeat Logs	16	1680	December 8, 2022

Auditbeat inputs question

Related topics