Auditbeat or Filebeat

Burga · August 25, 2020, 1:03pm

Hi I just wondering what Auditbeat can audit what filebeat can't by logging

/var/log/audit/audit.log ?

we planned to install both auditbeat and filebeat on the same host but from my undersating filebeat also can get auditing info from audit.log file .

Best Regards.

warkolm · August 26, 2020, 4:40am

Basically;

Filebeat can definitely extract some of the logs that Auditbeat processes, but it has preconfigured modules to structure them for the dashboards.

Burga · August 26, 2020, 5:12am

Thank you , what do you mean by "output from audit daemon" , the output from auditd is not written into audit.log file ?

warkolm · August 26, 2020, 5:22am

system · September 23, 2020, 7:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat vs Filebeat with auditd module Beats auditbeat	3	7071	June 24, 2019
Filebeat for auditd events Beats filebeat	5	2789	December 26, 2017
Filebeat module - auditd Beats filebeat	3	1080	July 19, 2018
Auditbeat vs Winlogbeat Beats auditbeat	3	2298	August 1, 2019
Audit log Logstash	10	2951	March 26, 2019