Unable to start Auditbeat on Proxmox Container


I tried to install auditbeat on Proxmox Container (Ubuntu)
It failed with following msg written to the log

2023-05-19T15:03:04.117-0400    INFO    instance/beat.go:309    Setup Beat: auditbeat; Version: 7.15.0
2023-05-19T15:03:04.117-0400    INFO    [publisher]     pipeline/module.go:113  Beat name: <xxxxx>
2023-05-19T15:03:04.119-0400    INFO    [auditd]        auditd/audit_linux.go:107       auditd module is running as euid=0 on kernel=5.4.203-1-pve
2023-05-19T15:03:04.119-0400    INFO    instance/beat.go:442    auditbeat stopped.
2023-05-19T15:03:04.120-0400    ERROR   instance/beat.go:989    Exiting: 1 error: failed to create audit client: failed to get audit status: operation not permitted

Any suggestions would be appreciated.


If you are running within a container then you likely need to give the container some additional capabilities that are normally restricted if you are using Docker and the like.