hello team,
we have met auditbeat truncate events probem, would you pls help me share some idea how to fix that ??
[root@rnotesting auditbeat]# curl http://23123123214321421fasdsadasdsadasfasfsafagsgdsgsdgxxxxxxxxx1234567890aaaaaaaaaaaaaccccccccccccccxxxxxxxxxxxxxxxxxxx9912
curl: (6) Could not resolve host: 23123123214321421fasdsadasdsadasfasfsafagsgdsgsdgxxxxxxxxx1234567890aaaaaaaaaaaaaccccccccccccccxxxxxxxxxxxxxxxxxxx9912; Unknown error
[root@rnotesting auditbeat]# curl http://23123123214321421fasdsadasdsadasfasfsafagsgdsgsdgxxxxxxxxx1234567890aaaaaaaaaaaaaccccccccccccccxxxxxxxxxxxxxxxxxxx9912
curl: (6) Could not resolve host: 23123123214321421fasdsadasdsadasfasfsafagsgdsgsdgxxxxxxxxx1234567890aaaaaaaaaaaaaccccccccccccccxxxxxxxxxxxxxxxxxxx9912; Unknown error
[root@rnotesting auditbeat]#
[root@rnotesting auditbeat]#
[root@rnotesting auditbeat]# grep curl ./*
./auditbeat.log: "executable": "/usr/bin/curl",
./auditbeat.log: "curl",
./auditbeat.log: "title": "curl htpdff:
312321321321312321dasfasfasfsafasfasgasgasgasggkkkawdfkasfka",
./auditbeat.log: "name": "curl"
./auditbeat.log: "T1105_Lateral_Movement_curl"
./auditbeat.log: "primary": "/bin/curl"
./auditbeat.log: "how": "/usr/bin/curl"
./auditbeat.log: "name": "/bin/curl",
./auditbeat.log: "path": "/bin/curl",
./auditbeat.log: "path": "/bin/curl",
./auditbeat.log: "T1105_Lateral_Movement_curl"
./auditbeat.log: "name": "/bin/curl",
./auditbeat.log: "primary": "/bin/curl",
./auditbeat.log: "how": "/usr/bin/curl"
./auditbeat.log: "title": "curl htpdff:
312321321321312321dasfasfasfsafasfasgasgasgasggkkkaw",
./auditbeat.log: "name": "curl",
./auditbeat.log: "executable": "/usr/bin/curl",
./auditbeat.log: "curl",
./auditbeat.log: "T1105_Lateral_Movement_curl"
./auditbeat.log: "title": "curl htpdff:
312321321321312321dasfasfasfsafasfasgasgasgasggkkkawzzzzzzzzzzzzzzzzzz",
./auditbeat.log: "name": "curl",
./auditbeat.log: "executable": "/usr/bin/curl",
./auditbeat.log: "curl",
./auditbeat.log: "path": "/bin/curl",
./auditbeat.log: "primary": "/bin/curl",
./auditbeat.log: "how": "/usr/bin/curl"
./auditbeat.log: "name": "/bin/curl",
./auditbeat.log: "name": "curl",
./auditbeat.log: "executable": "/usr/bin/curl",
./auditbeat.log: "curl",
./auditbeat.log: "title": "curl http://23123123214321421fasdsadasdsadasfasfsafagsgdsgsdgxxxxxxxxx1234567890aaaaaaaaaaaaaccccccccccccccxxxxxxxxxxxxxxxxxxx99"
./auditbeat.log: "T1105_Lateral_Movement_curl"
./auditbeat.log: "primary": "/bin/curl",
./auditbeat.log: "how": "/usr/bin/curl"
./auditbeat.log: "name": "/bin/curl",
./auditbeat.log: "path": "/bin/curl",
./auditbeat.log: "path": "/bin/curl",
./auditbeat.log: "T1105_Lateral_Movement_curl"
./auditbeat.log: "primary": "/bin/curl"
./auditbeat.log: "how": "/usr/bin/curl"
./auditbeat.log: "name": "/bin/curl",
./auditbeat.log: "title": "curl http://23123123214321421fasdsadasdsadasfasfsafagsgdsgsdgxxxxxxxxx1234567890aaaaaaaaaaaaaccccccccccccccxxxxxxxxxxxxxxxxxxx99",
./auditbeat.log: "name": "curl",
./auditbeat.log: "executable": "/usr/bin/curl",
./auditbeat.log: "curl",