I recently upgraded to auditbeat version 6.7.0 on our fleet of linux servers to test functionality of the newly added system datasets. Every other dataset works pretty well except for package
I get an error for failures to get RPM packages.
2019-04-01T11:48:57.035-0400 ERROR [package] package/package.go:267 failed to get packages: error getting RPM packages: unable to open a handle to the library
Auditbeat Version:
auditbeat version 6.7.0 (amd64), libbeat 6.7.0 [14ca49c28a6e10b84b4ea8cdebdc46bd2eab3130 built 2019-03-21 14:53:01 +0000 UTC]
Auditbeat.yml snipper:
- module: system
datasets:- host
- user
- login
- package
period: 1m
user.detect_password_changes: true
state.period: 24h
login.wtmp_file_pattern: /var/log/wtmp*
login.btmp_file_pattern: /var/log/btmp*
Server Distro:
Centos 7
Linux hostname 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Any ideas on how I can troubleshoot this would be appreciated.
Thanks,