Auditbeat installation replaces custom config with example

On CentOS 6, using beats 6.4.0, I create custom configs in /etc/"beat"/"beat".yml.
After deploying Filebeat and Packetbeat I end up with "beat".yml.rpmnew, and they work as intended.

But with Auditbeat, I end up with the default example auditbeat.yml only, having replaced my own auditbeat.yml. This in turn include the 32-bit sample rules in /etc/auditbeat/audit_rules.d/ effectively bricking the installation.

I use ansible to install my beats, and the Filebeat, Packetbeat and Auditbeat roles are identical in their setup, so I am pretty sure the problem is upstream.. :slight_smile:

Has anyone else seen this?

Yeah, we saw the problem and it should be fixed in the next release we make. We refactored our packaging process in 6.4.0, but unfortunately broke something.

Details are in https://github.com/elastic/beats/pull/8078.

If you want to test one of the fixed binaries prior to release you can get a snapshot build from jenkins.

Great!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.