Hi,
I am basically just getting beats going so I apologize for what may be stupid questions but....
I have just installed auditbeat on a number of servers and all appears to be functioning - meaning systemctl says its running and kibana appears to be getting data from the servers. However, two items I am confused about:
- I try to create a keystore and it says it cant find the auditbeat.yml. I give it the path and it works. I never had to do that before. My concern is how will the yml preload the keystore variables when the service starts if I have to currently give it a -c param?
[root@serv1]# /usr/share/auditbeat/bin/auditbeat keystore create
error initializing beat: error loading config file: stat auditbeat.yml: no such file or directory
but this works:
[root@serv1]# /usr/share/auditbeat/bin/auditbeat keystore create -c /etc/auditbeat/auditbeat.yml
- Even though I see the data in kibana, systemctl reports:
Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":...
Is Non-zero an error indication?
Thank you.