Hi all,
I have configured the File Integrity Monitoring integration for my Linux server, but even though the logs are being ingested into my Elasticsearch, some fields like Process.user.name are missing from the logs. These process fields indicate who made which changes, but my logs are missing this information.
Can anyone help me with this?
Hi,
So while troubleshooting I tried this integration on my testing server, and now everything works there, but the issue still persists on my other server. I tried with the File Event Source setting set to auto and ebpf, but I am still not getting those process fields.
@amarasinghe.kaluarac can you provide the kernel version/OS of your machine? Are there any error messages in the logs?
Hi Alex,
After testing the integration, I set the File Event Source to eBPF and encountered the following error in the logs:
<< failed to start event producer: init ebpf loader: check kernel version: min kernel version (5.10.16) is higher or equal than current kernel version (4.4.262) >>
Upon checking, I found that my Linux version is 4.4.0-210-generic. Could this be the cause of the issue?
Yes, the kernel is too old in this case.
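A pre-check for the condition the error message above reports, as an added example that is not from this thread or from Elastic: it compares the running kernel (or a version string you pass in) against the 5.10.16 minimum quoted in the error, so you know before switching File Event Source to eBPF whether the loader will start. The function names and the "ebpf-ok"/"ebpf-too-old" labels are my own.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a kernel meets the
# minimum that the eBPF file event source reported in the error above.
# The 5.10.16 threshold comes from that error message; helper names are mine.

EBPF_MIN_KERNEL="5.10.16"

# Returns 0 if kernel version $1 >= $2, 1 otherwise.
# Only the leading numeric components are compared, so
# "4.4.0-210-generic" is treated as 4.4.0.
kernel_version_ge() {
    have=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    want=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        h=$(printf '%s' "$have" | cut -d. -f"$i")
        w=$(printf '%s' "$want" | cut -d. -f"$i")
        h=${h:-0}; w=${w:-0}          # missing component counts as 0
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0                           # all three components equal
}

# Prints "ebpf-ok" when the kernel string (default: uname -r) is new enough
# for the eBPF backend, otherwise "ebpf-too-old".
check_ebpf_support() {
    kv=${1:-$(uname -r)}
    if kernel_version_ge "$kv" "$EBPF_MIN_KERNEL"; then
        echo "ebpf-ok"
    else
        echo "ebpf-too-old"
    fi
}

# Check the machine this script runs on.
check_ebpf_support
```

Run it on the affected host; on the 4.4.0-210-generic kernel from the thread it prints "ebpf-too-old", matching the loader's refusal to start.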