I'm trying to set up log monitoring for servers, but I can see logs in Kibana that I have filtered out. I want it to only log entries where auid is between 2000 and 2099 (including both). For that I have configured auditbeat with the following config.
How can I make sure logs which have auid as unset or 0 are filtered out? All of my efforts in trial and error and Google searching/reading docs have been futile so far. Would really appreciate any help.
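The following auditbeat configuration is an added example of how to filter by auid range, not the configuration from the original post. It works in two layers: the kernel audit rule only fires for auid 2000 through 2099, which already excludes auid 0 and the "unset" value (4294967295, the unsigned form of -1), and a Beats processor chain drops any remaining auditd event whose auid is outside the range, including events that the kernel emits without a syscall rule (login and credential records, for example) and events with no auid at all. The event field name is assumed to be `user.audit.id` as produced by the Auditbeat 7.x auditd module (older versions used a different name), and it arrives as a string, so it is converted to a 64-bit number before the range check; verify the field name against the events your version emits.

```yaml
auditbeat.modules:
  - module: auditd
    # Kernel-side filter: only syscalls made under a login uid (auid) in 2000..2099.
    # auid 0 and the unset value 4294967295 (-1) fall outside the range and are never recorded.
    # Assumed example rule; adjust the syscall list to what you actually want to monitor.
    audit_rules: |
      -a always,exit -F arch=b64 -S execve -F auid>=2000 -F auid<=2099 -k uid_range
      -a always,exit -F arch=b32 -S execve -F auid>=2000 -F auid<=2099 -k uid_range

processors:
  # Beats-side filter for records that bypass the syscall rule (e.g. USER_LOGIN, CRED_ACQ).
  # user.audit.id is a string field, so convert it to a number first. "long" is 64-bit,
  # which is required for the unset value 4294967295 to convert instead of overflowing.
  - convert:
      fields:
        - from: "user.audit.id"        # assumed field name, check your Auditbeat version
          to: "user.audit.id_num"      # hypothetical target field added for the range check
          type: "long"
      ignore_missing: true
      fail_on_error: false
  # Drop everything whose numeric auid is not in 2000..2099.
  # The range condition is false for a missing field, so events without an auid
  # (and events whose auid failed to convert) are dropped as well.
  - drop_event:
      when:
        not:
          range:
            user.audit.id_num:
              gte: 2000
              lte: 2099

output.elasticsearch:
  hosts: ["localhost:9200"]   # placeholder, replace with your cluster
```

Check the result before trusting it: run `auditbeat test config -c auditbeat.yml` to validate the file, then `auditbeat -e -c auditbeat.yml` with the console output and confirm that a command run as an in-range user appears while a root shell (auid 0) and daemon activity (auid unset) do not. If the documents in Kibana still show out-of-range auids, they were indexed before the processor was in place; the filter only affects new events.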