Thanks to autidbeat I'm able to logging on ELK command execution with flags, but I also need to save output from terminal of that command call. Is there any way to do that by auditbeat ? Maybe some rules to record kernel file descriptor ?
Cheers
R
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.