How do I start writing rules in the audit.rules.d folder? Do I need to create a rules.d file and write in it?
I'm not seeing any rules when I run auditbeat show auditd-rules.
Use the audit_rule_files configuration option to point Auditbeat at a directory of files.

```yaml
auditbeat.modules:
- module: auditd
  # Load audit rules from separate files. Same format as audit.rules(7).
  audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ]
```
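A pre-flight check for the directory that the glob in the answer points at, as an added example that is not part of the original thread: it lists the rule lines found in files matching `*.conf` and names the files the glob skips. The function names, file names and sample rules are constructed for illustration, and the directory argument stands in for `${path.config}/audit.rules.d`.

```shell
#!/bin/sh
# Added example: check which audit rules a '*.conf' glob would pick up.

# Print rule lines (non-blank, non-comment) from files matching *.conf.
list_rules() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue      # glob matched nothing
        grep -Ev '^[[:space:]]*(#|$)' "$f"
    done
}

# Print the names of files in the directory that '*.conf' does NOT match.
list_skipped() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.conf) ;;               # picked up by the glob
            *) basename "$f" ;;      # wrong extension: never loaded
        esac
    done
}

# Build a constructed sample directory in audit.rules(7) format.
make_sample() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/identity.conf" <<'EOF'
# Watch account databases for writes and attribute changes.
-w /etc/passwd -p wa -k identity
-w /etc/group -p wa -k identity
EOF
    cat > "$dir/exec.conf" <<'EOF'
# Record every 64-bit execve call.
-a always,exit -F arch=b64 -S execve -k exec
EOF
    # Wrong extension on purpose: the '*.conf' glob ignores this file.
    printf '%s\n' '-w /etc/shadow -p wa -k identity' > "$dir/shadow.rules"
}

demo_dir=$(mktemp -d)/audit.rules.d
make_sample "$demo_dir"
echo "Rules the glob will load:";  list_rules "$demo_dir"
echo "Files the glob will skip:";  list_skipped "$demo_dir"
```

An empty first list, or a rules file showing up in the second list, means the glob in `audit_rule_files` matches no rule lines in that directory.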