Failed to get audit status before adding rules

When I start auditbeat I get this error message:

2020-06-29T14:49:06.560+1000    ERROR   [auditd]        auditd/audit_linux.go:148       Failure adding audit rules      {"error": "failed to get audit status before adding rules: operation not permitted", "errorVerbose": "operation not permitted\nfailed to get audit status before adding rules\ngithub.com/elastic/beats/v7/auditbeat/module/auditd.(*MetricSet).addRules\n\t/go/src/github.com/elastic/beats/auditbeat/module/auditd/audit_linux.go:230\ngithub.com/elastic/beats/v7/auditbeat/module/auditd.(*MetricSet).Run\n\t/go/src/github.com/elastic/beats/auditbeat/module/auditd/audit_linux.go:146\ngithub.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).run\n\t/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:203\ngithub.com/elastic/beats/v7/metricbeat/mb/module.(*Wrapper).Start.func1\n\t/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:147\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1357"}

I am unsure what it means or if my rules have loaded properly. I can see much in the Kibana dashboards.

I am running auditbeat 7.8.0 on Ubuntu 18.04.

What other information should I supply?

Oh, the host this is running on is an LXC container.
