Difference between module system syslog logs of Filebeat and Auditbeat? The two collect the Linux logs?
Filebeat system logs just collect from /var/syslog etc. and do little parsing etc.
Auditbeat collects more detailed information, looks for audit-related events and parses them etc.
Yes, they are a bit similar, but if you are more interested in audit-related events I would suggest Auditbeat.