Start auditbeat

headtea · August 25, 2020, 10:50am

I'm starting auditbeat on one of the machines and I'm getting the following message when running auditbeat:

ERROR   instance/beat.go:951    Exiting: 1 error: system/socket dataset setup failed: tracefs/debugfs is not mounted or not writeable: 2 errors: stat /sys/kernel/tracing/kprobe_events: no such file or directory; stat /sys/kernel/debug/tracing/kprobe_events: no such file or directory
Exiting: 1 error: system/socket dataset setup failed: tracefs/debugfs is not mounted or not writeable: 2 errors: stat /sys/kernel/tracing/kprobe_events: no such file or directory; stat /sys/kernel/debug/tracing/kprobe_events: no such file or directory

I did some googling but I wasn't able to figure out much. Does anyone know how to fix this? Thanks ahead.

jsoriano · August 26, 2020, 8:15pm

Hey @headtea,

On what Linux distribution and version are you installing Auditbeat? Are you running Auditbeat as root?

headtea · August 27, 2020, 7:05am

Thanks for the response.

I'm on CentOS 6.7. I was able to solve this by commenting out this line (socket):

-- module: system
-  datasets:
# - socket  # Opened and closed sockets

Although I'm not sure what it does and what's different now.

system · September 24, 2020, 9:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error: system/socket dataset setup failed Beats auditbeat	11	1091	April 16, 2020
Auditbeat 7.7.0 fails to start on Kubuntu Beats auditbeat	4	919	June 22, 2020
System/socket dataset setup failed: guess_struct_creds Beats auditbeat	3	478	November 16, 2023
System/socket dataset setup failed Beats auditbeat	3	1105	January 8, 2020
Auditbeat: system/socket dataset setup failed - guess_inet_sock failed: timeout while waiting Beats auditbeat	1	217	December 21, 2023

Start auditbeat

Related topics