Config Auditbeat

CodeRed · February 14, 2023, 10:37pm

Currently i am experimenting with auditbeat the config process i want to collect the whole log due to the auditd rules i added but the log i get is no log auditd here is my config file

auditbeat.modules:

module: auditd
enabled: true

audit_rule_files: [ '/etc/auditbeat/audit.rules.d/*.conf' ]
audit_rules: |
module: system
datasets:
- package # Installed, updated, and removed packages
period: 2m # The frequency at which the datasets check for changes
module: system
datasets:
- host # General host information, e.g. uptime, IPs
- login # User logins, logouts, and system boots.
- process # Started and stopped processes
- socket # Opened and closed sockets
- user # User information
  here is the log i got
  
  image1911×529 48.2 KB

system · March 14, 2023, 10:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat collects old data on Linux system Beats auditbeat	1	443	March 10, 2022
Auditbeat - auditd module default rules Beats auditbeat	2	420	September 29, 2022
Configuring Auditbeat to only report modifications to files I want to monitor Beats auditbeat	7	1221	October 23, 2018
Multiple "-module: auditd" stanzas in config file lead to problems Beats auditbeat	1	306	September 18, 2021
Disable fileintegrity and dataset module in auditbeat Beats auditbeat	2	1006	May 23, 2019

Config Auditbeat

Related Topics