Auditbeat wont start

ethrbunny · March 7, 2021, 10:00pm

I get 3 different errors msgs:

unable to guess one or more required parameters: guess_sockaddr_in failed
-or-
unable to guess one or more required parameters: guess_udp_sendmsg failed
-or-
unable to guess one or more required parameters: guess_sk_buff_proto failed

# /etc/auditbeat# uname -a
Linux pirepo 3.16.0-10-amd64 #1 SMP Debian 3.16.81-1 (2020-01-17) x86_64 GNU/Linux

auditbeat.yml:

auditbeat.modules:

module: auditd
audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ]
audit_rules: |

module: file_integrity
paths:

/bin

/usr/bin

/sbin

/usr/sbin

/etc

/usr/local/bin

module: system
datasets:
state.period: 12h
user.detect_password_changes: true
login.wtmp_file_pattern: /var/log/wtmp*
login.btmp_file_pattern: /var/log/btmp*
socket.enable_ipv6: false
processors:

drop_event.when.equals.network.direction: outbound
setup.template.settings:
index.number_of_shards: 1
tags: ["auditbeat"]
setup.dashboards.enabled: false
output.kafka:
hosts: ["kafka.domain:9092"]

topic: 'auditbeat.inbound'
partition.random:
reachable_only: true

required_acks: 1
compression: gzip

logging.level: warning

system · April 5, 2021, 12:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AuditBeat Will Not Start Beats	2	1614	February 20, 2020
Auditbeat won't start on deb 8_11 Beats auditbeat	2	654	January 2, 2020
Auditbeat 7.7.0 fails to start on Kubuntu Beats auditbeat	4	919	June 22, 2020
Auditbeat: system/socket dataset setup failed - guess_inet_sock failed: timeout while waiting Beats auditbeat	1	217	December 21, 2023
Auditbeat 7.7.0 fails to start on Fedora 32 VM: system/socket guess timeout Beats auditbeat	3	878	June 22, 2020

Auditbeat wont start

Related topics