I am relatively new to ELK and I am trying to send logs from audit beat to Kibana. I have followed the steps from ELK documentation to install audit-beats on Linux . But at the last step when I run the audit beat I am getting the following error :
Cannot continue: audit configuration is locked in the kernel (enabled=2) which prevents using unicast sockets. Multicast audit subscriptions are not available in this kernel. Disable locking the audit configuration to use auditbeat
Is there any way I can do it without a restart ?