I want to know how many swap files are created in kibana for Ubuntu server when you create a text file using nano. i see 4 swap files deleted when i deleted the text file i have created in Ubuntu. Similarly the no of swap files deleted data shown on kibana is more than no of file created
E.g if abc.txt file is created. there are more than 1 swap files shown as created in kibana. I will really appreciate any help as i can't find the answer in google for this
Can you clarify a bit more? Are you using the Auditbeat FIM module to monitor the file changes, or something else? Also, can you post the exact commands you use to create the abc.txt file?
I'm curious what you are trying to check / do.
Thanks for the reply tudor. So yes i am using Auditbeat FIM module to monitor the file changes in Ubuntu Server. You got it right. Following are the commands i use to create abc.txt
touch abc.txt ; it usually shows on kibana that 1 file is created but when i use : nano abc.txt and modify the file to see if kibana shows modified data then it shows 2-3 swap files against abc.txt which is my concern that why there are couple of swap files against 1 text file
It sounds like Nano behaviour. I'm kind of surprised it does that, though, so I have a couple of more questions:
they have .swp extension with the original file name before the extension e.g abc.txt.swp
yes kibana shows that they are in the same folder
with touch i just create the file without nano and there's no swap file but yes with nano i am inserting the contents in the text file and after that .swp files appear
Editors like Nano and Vim are creating swap files under the hood while you are editing a file. This is to prevent accidental data loss, and also to prevent simultaneous competing edits. That's what Auditbeat FIM is picking up. You can read a bit more about swap files here.
If you don't want Auditbeat to collect information about swap files you could exclude those files. But I would say it's actually useful information to have.
I got the concept of swap file but my question is that why 2-3 swap files are creating instead of one? swap files value is not constant and vary as per the space that's why 2-3 or sometimes 1 or 2 are created ?
Really appreciate your reply on this thread Sir
can anyone respond on this
This is not something I think we can help with, you'd need to ask someone familiar with the OS or application you are using, as the SIEM app is simply showing you what is not happening but is not responsible for creating the files.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.