I get three different error messages:
unable to guess one or more required parameters: guess_sockaddr_in failed
-or-
unable to guess one or more required parameters: guess_udp_sendmsg failed
-or-
unable to guess one or more required parameters: guess_sk_buff_proto failed
# /etc/auditbeat# uname -a
Linux pirepo 3.16.0-10-amd64 #1 SMP Debian 3.16.81-1 (2020-01-17) x86_64 GNU/Linux
auditbeat.yml:
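# Auditbeat configuration as posted, with the line breaks, indentation and
# list markers that the paste lost put back. Nothing has been added beyond
# what the paste shows; places where the paste is incomplete are marked.
auditbeat.modules:
  - module: auditd
    audit_rule_files: ['${path.config}/audit.rules.d/*.conf']
    # The inline rule block is empty in the paste, so kernel audit rules come
    # only from the files matched by audit_rule_files above.
    audit_rules: |

  - module: file_integrity
    paths:
      - /bin
      - /usr/bin
      - /sbin
      - /usr/sbin
      - /etc
      - /usr/local/bin

  - module: system
    # NOTE(review): no dataset entries survive in the paste. The reported
    # guess_sockaddr_in / guess_udp_sendmsg / guess_sk_buff_proto failures
    # are raised by the socket dataset, so it was presumably listed here;
    # confirm against the real file.
    datasets:
    state.period: 12h
    user.detect_password_changes: true
    login.wtmp_file_pattern: /var/log/wtmp*
    login.btmp_file_pattern: /var/log/btmp*
    socket.enable_ipv6: false
    # NOTE(review): the paste lost its indentation, so it is not certain
    # whether this processor is module-level (as placed here) or global.
    # Either way, events whose network.direction is "outbound" are dropped
    # before shipping, so connections initiated by this host will not be
    # visible downstream.
    processors:
      - drop_event.when.equals.network.direction: outbound

setup.template.settings:
  index.number_of_shards: 1

tags: ["auditbeat"]

setup.dashboards.enabled: false

output.kafka:
  # NOTE(review): no ssl.* or username/password settings appear in the paste.
  # If none are set in the real file, audit events reach the broker
  # unencrypted and unauthenticated.
  hosts: ["kafka.domain:9092"]
  topic: 'auditbeat.inbound'
  partition.random:
    reachable_only: true
  # 1 = wait for the partition leader only; an event acknowledged by the
  # leader can still be lost if the leader fails before replication.
  required_acks: 1
  compression: gzip

logging.level: warning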