Linux auditd to ECS mapping

We have data coming via syslog -> Logstash from certain Linux devices and don't have Auditbeat.
Is there a Logstash pattern where I can map the auditd fields to ECS (common schema) format?
