Hi,
I am using auditd module in Filebeat to send the audit logs to Logstash. Do I still need to parse the audit logs in Logstash? When I sent the output to elasticsearch everything was working fine but whenswitched to Logstash it is not parsing the data.
is there a auditd module configuration file available just like syslog (link is below)?
https://www.elastic.co/guide/en/logstash/current/logstash-config-for-filebeat-modules.html
Thanks,
Charan
Hi @charan.gandra,
I'm afraid Filebeat modules only work with Ingest node, if you are willing to use Logstash you can probably convert the pipeline from ingest to Logstash, as syntax is similar: https://github.com/elastic/beats/blob/master/filebeat/module/auditd/log/ingest/pipeline.json
Best regards
Thank you.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.