Is auditbeat dependent on auditd?

auditd often creates a lot of disk IO. Will it be reduced by auditbeat?

Auditbeat sends data directly to Elasticsearch whereas auditd writes it to disk, so yes, you should see much less disk usage with Auditbeat.
