Please help me understand how [Filebeat] works.
I have the ELK stack installed with Fleet Server, and the System & Fleet Server integrations are installed in the stack.
I have an Ubuntu 18.04 machine added as a client, and I want to monitor /root & /home, including subdirectories, for any activity (create, add, delete, modify....).
The Elastic Agent is installed on the client server. I am confused and not sure where to install Filebeat, on the host or on the client. I am using ELK stack v 8.2.2. I also want to know how to set up an alert if any changes happen. Thanks
You probably want to look at Auditbeat instead.
Do I have to install Auditbeat on the client or only on the host?
It needs to be added to any host that you want to do the monitoring on.