Start auditbeat

headtea · August 25, 2020, 10:50am

I'm starting auditbeat on one of the machines and I'm getting the following message when running auditbeat:

ERROR   instance/beat.go:951    Exiting: 1 error: system/socket dataset setup failed: tracefs/debugfs is not mounted or not writeable: 2 errors: stat /sys/kernel/tracing/kprobe_events: no such file or directory; stat /sys/kernel/debug/tracing/kprobe_events: no such file or directory
Exiting: 1 error: system/socket dataset setup failed: tracefs/debugfs is not mounted or not writeable: 2 errors: stat /sys/kernel/tracing/kprobe_events: no such file or directory; stat /sys/kernel/debug/tracing/kprobe_events: no such file or directory

I did some googling but I wasn't able to figure out much. Does anyone know how to fix this? Thanks ahead.

jsoriano · August 26, 2020, 8:15pm

Hey @headtea,

On what Linux distribution and version are you installing Auditbeat? Are you running Auditbeat as root?

headtea · August 27, 2020, 7:05am

Thanks for the response.

I'm on CentOS 6.7. I was able to solve this by commenting out this line (socket):

-- module: system
-  datasets:
# - socket  # Opened and closed sockets

Although I'm not sure what it does and what's different now.

Topic		Replies	Views
Error: system/socket dataset setup failed Beats auditbeat	11	1243	April 16, 2020
Error: system/socket dataset setup failed Beats auditbeat	1	488	May 9, 2023
AuditBeat Will Not Start Beats	2	1669	February 20, 2020
System/socket dataset setup failed Beats auditbeat	3	1158	January 8, 2020
Auditbeat won't start on deb 8_11 Beats auditbeat	2	695	January 2, 2020

Start auditbeat

Related topics