FIM integration User data missing

Hi all,

I have configured the File Integrity Monitoring integration for my Linux server, but even though the logs are being ingested into my Elasticsearch, some fields like Process.user.name are missing from the logs. These process fields indicate who made the changes to what, but my logs are missing this information.

Can anyone help me with this?

Hi,
So while troubleshooting I tried this integration on my testing server, and now everything works on my testing server, but the issue still persists on my other server. I tried setting the File Event Source to auto and ebpf, but I am still not getting those process fields.

@amarasinghe.kaluarac can you provide the kernel version/OS of your machine? Are there any error messages in the logs?

Hi Alex,

After testing the integration, I set the File Event Source to eBPF and encountered the following error in the logs:

<< failed to start event producer: init ebpf loader: check kernel version: min kernel version (5.10.16) is higher or equal than current kernel version (4.4.262) >>

Upon checking, I found that my Linux version is 4.4.0-210-generic. Could this be the cause of the issue?

Yes, the kernel is too old in this case.
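As an added example (not part of the thread above), a small POSIX shell pre-check that compares the running kernel against the minimum quoted in the error message (5.10.16) before you pick the eBPF File Event Source; the fallback name `fsnotify` is my assumption, since the thread only mentions `auto` and `ebpf`.

```shell
#!/bin/sh
# Added example: decide whether the eBPF FIM backend can work on this host.
# MIN_EBPF_KERNEL is taken from the error text in the thread; not a value from the integration docs.
MIN_EBPF_KERNEL="5.10.16"

# kernel_base: keep only the numeric major.minor.patch prefix,
# e.g. "4.4.0-210-generic" -> "4.4.0", "6.1.0-kali7-amd64" -> "6.1.0"
kernel_base() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*$/\1/'
}

# version_key: map a dotted version to one integer so versions compare numerically
# (string comparison would wrongly rank 4.4 above 5.10 because "4" > "5" fails but "10" < "4").
version_key() {
    v=$(kernel_base "$1")
    old_ifs=$IFS; IFS=.
    set -- $v            # split on '.' into $1 $2 $3; missing fields default to 0 below
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# version_ge A B: exit 0 if kernel version A is >= B
version_ge() {
    [ "$(version_key "$1")" -ge "$(version_key "$2")" ]
}

# fim_backend_for KERNEL: prints the backend this host can use.
# "fsnotify" is an assumed fallback name; check it against your integration's settings.
fim_backend_for() {
    if version_ge "$1" "$MIN_EBPF_KERNEL"; then
        echo ebpf
    else
        echo fsnotify
    fi
}

# Stand-alone use: report the backend for the running kernel.
fim_backend_for "$(uname -r)"
```

Run it on the host before switching the File Event Source to eBPF; a kernel such as 4.4.0-210-generic prints fsnotify, which matches the failure in the thread.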