Trying out the process module for auditbeat on Windows. Seeinq the following message:
|2019-07-01T14:02:55.289+0200|WARN|[cfgwarn]|process/process.go:131|BETA: The system/process dataset is beta|
|---|---|---|---|---|
|2019-07-01T14:02:55.306+0200|DEBUG|[process]|process/process.go:168|Last state was sent at 2019-07-01 09:01:25.3942751 +0200 CEST. Next state update by 2019-07-01 21:01:25.3942751 +0200 CEST.|
|2019-07-01T14:02:55.306+0200|WARN|[process]|process/process.go:174|Running as non-root user, will likely not report all processes.|
As auditbeat is running as SYSTEM, it should have all the required permissions to list all processes.. Is this a bug (where auditbeat think it's running on Linux and checking for root privilege?)
Hi Willem, thanks for reaching out. Do you see those errors when running auditbeat as a Windows service (Start-Service auditbeat), or are you starting auditbeat manually (./auditbeat -e)?
Hi @willemdh - that's a bug, we should not be showing this warning on Windows. I'll get it fixed, but it shouldn't have any impact on what data is collected.
Thanks, I'll ignore for now. By the way, we noticed auditbeat has crashed several times since enabling the host and process metricset on WIndows Server 2012 R2 and 2016. Enabled debug, but nothing is logged which could point to the root cause.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.