Linux audit trail file to ECS output

I've successfully configured Auditbeat to collect logs on a Linux system (CentOS 7.7).

However, I also have some systems that (for policy reasons) cannot have Auditbeat installed on them. Periodically the audit trail files for these systems are downloaded to another machine.

Is there a way to get Auditbeat to read a Linux audit trail file and generate the Auditbeat JSON output?


