Unable to start auditbeat daemon process

Able to built auditbeat on ubuntu 16.04 container & used default auditbeat.yml to start auditbeat daemon process. But unable to start it.

sudo ./auditbeat -e -c auditbeat.yml -d "publish" & command is failing with below error

Exiting: 1 error: 1 error: failed to create audit client: failed to get audit status: failed sending request: connection refuse

Anyone faced this issue before if yes please help me out.

So you built Auditbeat from source? There are official container images available at https://www.docker.elastic.co/. And documentation for running Auditbeat in a container at Running Auditbeat on Docker | Auditbeat Reference [6.2] | Elastic. It requires some capabilities and to be in the host's PID namespace.

docker run --cap-add=AUDIT_CONTROL,AUDIT_READ --pid=host docker.elastic.co/beats/auditbeat:6.2.4

Thanks... It worked.