I'm using Auditbeat with FIM module on Kubernetes daemonset with 40 pods on it.
Auditbeat version - latest
OS - Debian GNU/Linux 9
ulimit -n 1048576
Auditbeat pod memory allocation - 200mb
Open file handles go up to 2700 over 9 hours, then auditbeat pod gets OOMKilled and restarts.
Any suggestions how to close file handles.
(Moving to SIEM category where this should get 
from the right developers/community).
We are trying to monitor the integrity of files within the container.. This is why the file handles can grow quickly. This is a large enhancement for us, hoping there is a way we can better control file handles open.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.