Config Auditbeat

Currently I am experimenting with the Auditbeat config process. I want to collect the whole log due to the auditd rules I added, but the log I get has no auditd log. Here is my config file:

auditbeat.modules:

  - module: auditd
    enabled: true
    audit_rule_files: [ '/etc/auditbeat/audit.rules.d/*.conf' ]
    audit_rules: |

  - module: system
    datasets:
      - package # Installed, updated, and removed packages
    period: 2m # The frequency at which the datasets check for changes

  - module: system
    datasets:
      - host # General host information, e.g. uptime, IPs
      - login # User logins, logouts, and system boots.
      - process # Started and stopped processes
      - socket # Opened and closed sockets
      - user # User information

Here is the log I got:
