I can't seem to get my auditbeat to start sending data to my ElastaCloud from my Mac. Every time I start it I need to execute the following commands and it won't log until that point
./auditbeat setup
./auditbeat -e
Any idea what I need to do to get this running from Start up?
Hello, when you installed auditbeat, did you use download the tar file for macOS or use brew?
https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-installation.html
If you use the version available in brew, it integrates with launchd to start the service.
https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-starting.html
Hi Michael,
I downloaded the tar file for macOS using the following commands from the Auditbeat setup on Elastacloud
curl -L -O https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-7.5.2-darwin-x86_64.tar.gz
tar xzvf auditbeat-7.5.2-darwin-x86_64.tar.gz
I don't have brew on my Mac. I'm running this as a poc at the moment so reluctant to go down that route if I can avoid it
Hi Bill,
The tarball for auditbeat on macOS does not include the plist file needed for launchd. There's a older thread that outlines setting up filebeat on macOS. The manual process should be pretty similar for auditbeat.
Additionally, you could review the brew forumla for auditbeat to find which steps are needed to manually create the needed plist file for auditbeat.
Please let us know if you have additional questions.
Thanks Michael. I will review the thread and the brew formula and see if I can figure out how to get this working.
Thanks for your assistance and the clarity on Auditbeat for Mac
Hello,
You're welcome. Please let us know if you hit any issues with the auditbeat setup for macOS.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.