How to load audit rules from seperate files

How do I start writing rules in audit.rules.d folder do I need to create a file rules.d file and write in it.
I'm not seeing any rules when i run auditbeat show auditd-rules

Use the audit_rules_files configuration option to point Auditbeat at a directory of files.

- module: auditd
  # Load audit rules from separate files. Same format as audit.rules(7).
  audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ]
1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.