Service does not start - 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported

monmac · September 4, 2019, 12:25pm

Service does not start, no error information in the log. Please help
auditbeat -e -c auditbeat.yml -d "publish" >>

WARN    [cfgwarn]       host/host.go:167        BETA: The system/host dataset is beta
WARN    [cfgwarn]       login/login.go:95       BETA: The system/login dataset is beta
WARN    [cfgwarn]       package/package.go:170  BETA: The system/package dataset is beta
WARN    [cfgwarn]       process/process.go:131  BETA: The system/process dataset is beta
WARN    [cfgwarn]       socket/socket.go:245    BETA: The system/socket dataset is beta

WARN [cfgwarn] user/user.go:205 BETA: The system/user dataset is beta
INFO instance/beat.go:385 auditbeat stopped.
ERROR instance/beat.go:877 Exiting: 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported
Exiting: 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported

systemctl status auditbeat >>
systemd[1]: auditbeat.service: Unit entered failed state.
systemd[1]: auditbeat.service: Failed with result 'exit-code'.
systemd[1]: auditbeat.service: Service hold-off time over, scheduling restart.
systemd[1]: Stopped Audit the activities of users and processes on your system..
systemd[1]: auditbeat.service: Start request repeated too quickly.
systemd[1]: Failed to start Audit the activities of users and processes on your system..

Michael_Madden · September 4, 2019, 6:36pm

Hello, welcome to the Elastic community. Which version of auditbeat are you running when you encounter these errors? Also which version and release of Linux are you running?

Thanks.

monmac · September 5, 2019, 9:27am

Hi,
thank you for taking care of this matter,
auditbeat version 7.3.1 (amd64), libbeat 7.3.1
and
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
I found information about no support for this kernel,
What to do with this?

system · September 26, 2019, 9:28am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I am unable to Start Auditbeat service Beats auditbeat	20	759	January 6, 2021
Error: system/socket dataset setup failed Beats auditbeat	1	440	May 9, 2023
AuditBeat failed to create audit client: protocol not supported Beats auditbeat	6	2140	November 4, 2022
Auditbeat OSS fails to start SIEM	3	1819	July 8, 2020
AuditBeat Will Not Start Beats	2	1612	February 20, 2020

Service does not start - 1 error: 1 error: failed to create audit client: failed to create audit client: audit not supported by kernel: protocol not supported

Related Topics