Hello! I want to audit system events which happen inside LXC containers. Is it able to do with Auditbeat?
I started development of a new add_lxc_metadata
processor which would add container.id
field to the event data just like add_docker_metadata
do.
I already have a working and tested minimal working solution and opened a PR for that: https://github.com/elastic/beats/pull/11663
I appreciate any comments, hints and suggestions!
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.