Testing auditbeat-7.5.0-1-x86_64 on SLES 12 SP4. When the socket dataset is enabled under module system, auditbeat restarts. I checked the release note which says ipv6.disable=1 is taken care of.
Any suggestion?
Blockquote auditbeat[20739]: 2019-12-04T12:13:18.733-0500#011WARN#011[cfgwarn]#011socket/socket_linux.go:87#011BETA: The system/socket dataset is beta.
auditbeat[20739]: 2019-12-04T12:13:18.765-0500#011INFO#011[socket]#011socket/socket_linux.go:223#011Setting up system/socket for kernel 4.12.14-94.41-default
auditbeat[20739]: 2019-12-04T12:13:18.877-0500#011INFO#011[socket]#011guess/guess.go:258#011Running 16 guesses ...
auditbeat[20739]: 2019-12-04T12:13:21.720-0500#011INFO#011add_cloud_metadata/add_cloud_metadata.go:89#011add_cloud_metadata: hosting provider type not detected.
auditbeat[20739]: 2019-12-04T12:13:34.068-0500#011INFO#011instance/beat.go:402#011auditbeat stopped.
auditbeat[20739]: 2019-12-04T12:13:34.069-0500#011ERROR#011instance/beat.go:916#011Exiting: 1 error: 1 error: system/socket dataset setup failed: unable to guess one or more required parameters: guess_sk_buff_proto failed: timeout while waiting for event
auditbeat[20739]: Exiting: 1 error: 1 error: system/socket dataset setup failed: unable to guess one or more required parameters: guess_sk_buff_proto failed: timeout while waiting for event
systemd[1]: auditbeat.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: auditbeat.service: Unit entered failed state.
systemd[1]: auditbeat.service: Failed with result 'exit-code'.
systemd[1]: auditbeat.service: Service RestartSec=100ms expired, scheduling restart.
systemd[1]: Stopped Audit the activities of users and processes on your system..
systemd[1]: Started Audit the activities of users and processes on your system..