Unable to start Auditbeat on Proxmox Container

tli · May 19, 2023, 7:37pm

Hi,

I tried to install auditbeat on Proxmox Container (Ubuntu)
It failed with following msg written to the log


2023-05-19T15:03:04.117-0400    INFO    instance/beat.go:309    Setup Beat: auditbeat; Version: 7.15.0
2023-05-19T15:03:04.117-0400    INFO    [publisher]     pipeline/module.go:113  Beat name: <xxxxx>
2023-05-19T15:03:04.119-0400    INFO    [auditd]        auditd/audit_linux.go:107       auditd module is running as euid=0 on kernel=5.4.203-1-pve
2023-05-19T15:03:04.119-0400    INFO    instance/beat.go:442    auditbeat stopped.
2023-05-19T15:03:04.120-0400    ERROR   instance/beat.go:989    Exiting: 1 error: failed to create audit client: failed to get audit status: operation not permitted

Any suggestions would be appreciated.

Thanks

andrewkroh · May 22, 2023, 4:36pm

If you are running within a container then you likely need to give the container some additional capabilities that are normally restricted if you are using Docker and the like.

system · June 19, 2023, 6:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to start auditbeat daemon process Beats auditbeat	3	730	November 4, 2022
Exiting: 1 error: failed to create audit client: failed to get audit status: operation not permitted Beats docker , auditbeat	3	844	August 12, 2022
I am unable to Start Auditbeat service Beats auditbeat	20	759	January 6, 2021
Auditbeat on docker fails to run auditd module Beats docker , auditbeat	17	1720	October 22, 2021
Failed to get audit status before adding rules Beats auditbeat	2	414	July 27, 2020

Unable to start Auditbeat on Proxmox Container

Related Topics