Currently I am experimenting with Auditbeat and the config process. I want to collect the whole log from the auditd rules I added, but the log I get has no auditd log. Here is my config file:
```yaml
auditbeat.modules:
- module: auditd
  enabled: true
  # Load audit rules from the rule files matching this glob
  audit_rule_files: [ '/etc/auditbeat/audit.rules.d/*.conf' ]
  # Inline rules (left empty here; rules come from the files above)
  audit_rules: |

- module: system
  datasets:
    - package   # Installed, updated, and removed packages
  period: 2m    # The frequency at which the datasets check for changes

- module: system
  datasets:
    - host      # General host information, e.g. uptime, IPs
    - login     # User logins, logouts, and system boots.
    - process   # Started and stopped processes
    - socket    # Opened and closed sockets
    - user      # User information
```
Here is the log I got: