Auditd rules to save terminal output

Thanks to auditbeat I'm able to log command execution with flags to ELK, but I also need to save the terminal output of that command call. Is there any way to do that with auditbeat? Maybe some rules to record the kernel file descriptor?

