Auditbeat inputs question

zaheerabbas1988 · June 6, 2023, 11:10am

Hello ELK community,

I have a scenario where I need to input a specific log file into Auditbeat. In Filebeat, I can achieve this easily by configuring the log file path in the filebeat.inputs section. However, I was wondering if a similar approach is possible in Auditbeat without having to install both Auditbeat and Filebeat on the same machine.

Is there a way to configure a specific log file input in Auditbeat, similar to how it is done in Filebeat? I want to avoid the overhead of managing two separate Beat installations on a single machine.

Any insights or recommendations would be greatly appreciated.

Thank you in advance for your help!

carly.richmond · June 8, 2023, 9:33am

Hi @zaheerabbas1988,

Others might know otherwise, but I don't think Auditbeat can ingest from files as it takes input from the supported modules.

Can you explain if this is an application log or other source? I'm assuming your file doesn't contain the metrics that AuditBeat intends to capture in the file.

zaheerabbas1988 · June 8, 2023, 3:37pm

Hi Carly, Many thanks for your time and reply.

You are correct. It's basically a custom script listening to incoming webhooks and storing logs related to that in a /var/foo/bar.log.

system · July 6, 2023, 5:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.