I've successfully configured Auditbeat to collect logs on a Linux system (CentOS 7.7).
However, I also have some systems that (for policy reasons) cannot have Auditbeat installed on them. Periodically the audit trail files for these systems are downloaded to another machine.
Is there a way to get Auditbeat to read a Linux audit trail file and generate the Auditbeat JSON output?
Thanks,
Todd