Auditbeat or Filebeat

Burga · August 25, 2020, 1:03pm

Hi I just wondering what Auditbeat can audit what filebeat can't by logging

/var/log/audit/audit.log ?

we planned to install both auditbeat and filebeat on the same host but from my undersating filebeat also can get auditing info from audit.log file .

Best Regards.

warkolm · August 26, 2020, 4:40am

Basically;

Filebeat can definitely extract some of the logs that Auditbeat processes, but it has preconfigured modules to structure them for the dashboards.

Burga · August 26, 2020, 5:12am

Thank you , what do you mean by "output from audit daemon" , the output from auditd is not written into audit.log file ?

warkolm · August 26, 2020, 5:22am

system · September 23, 2020, 7:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat vs Filebeat with auditd module Beats auditbeat	3	6649	June 24, 2019
Question about auditbeat and squid Beats auditbeat	5	435	September 23, 2020
Auditbeat inputs question Beats auditbeat	3	324	July 6, 2023
Only one log is output from auditbeat Beats auditbeat	4	353	October 5, 2022
Auditbeat 7.8 file integrity module Beats auditbeat	4	352	December 1, 2020