Service does not start - 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported

Service does not start, no error information in the log. Please help
auditbeat -e -c auditbeat.yml -d "publish" >>

WARN    [cfgwarn]       host/host.go:167        BETA: The system/host dataset is beta
WARN    [cfgwarn]       login/login.go:95       BETA: The system/login dataset is beta
WARN    [cfgwarn]       package/package.go:170  BETA: The system/package dataset is beta
WARN    [cfgwarn]       process/process.go:131  BETA: The system/process dataset is beta
WARN    [cfgwarn]       socket/socket.go:245    BETA: The system/socket dataset is beta

WARN [cfgwarn] user/user.go:205 BETA: The system/user dataset is beta
INFO instance/beat.go:385 auditbeat stopped.
ERROR instance/beat.go:877 Exiting: 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported
Exiting: 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported

systemctl status auditbeat >>
systemd[1]: auditbeat.service: Unit entered failed state.
systemd[1]: auditbeat.service: Failed with result 'exit-code'.
systemd[1]: auditbeat.service: Service hold-off time over, scheduling restart.
systemd[1]: Stopped Audit the activities of users and processes on your system..
systemd[1]: auditbeat.service: Start request repeated too quickly.
systemd[1]: Failed to start Audit the activities of users and processes on your system..

Hello, welcome to the Elastic community. Which version of auditbeat are you running when you encounter these errors? Also which version and release of Linux are you running?

Thanks.

Hi,
thank you for taking care of this matter,
auditbeat version 7.3.1 (amd64), libbeat 7.3.1
and
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
I found information about no support for this kernel,
What to do with this?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.