Auditbeat rules

I have Auditbeat installed on a Linux machine and I want to receive logs for commands like systemctl stop / start syslog but it receives only for status. So, not all commands can be inspected in Kibana. Any idea what should I change?
Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.