Hi I just wondering what Auditbeat can audit what filebeat can't by logging
/var/log/audit/audit.log ?
we planned to install both auditbeat and filebeat on the same host but from my undersating filebeat also can get auditing info from audit.log file .
Best Regards.
Basically;
Filebeat can definitely extract some of the logs that Auditbeat processes, but it has preconfigured modules to structure them for the dashboards.
Thank you , what do you mean by "output from audit daemon" , the output from auditd is not written into audit.log file ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.