Unable to start Auditbeat on Proxmox Container


I tried to install auditbeat on Proxmox Container (Ubuntu)
It failed with following msg written to the log

2023-05-19T15:03:04.117-0400    INFO    instance/beat.go:309    Setup Beat: auditbeat; Version: 7.15.0
2023-05-19T15:03:04.117-0400    INFO    [publisher]     pipeline/module.go:113  Beat name: <xxxxx>
2023-05-19T15:03:04.119-0400    INFO    [auditd]        auditd/audit_linux.go:107       auditd module is running as euid=0 on kernel=5.4.203-1-pve
2023-05-19T15:03:04.119-0400    INFO    instance/beat.go:442    auditbeat stopped.
2023-05-19T15:03:04.120-0400    ERROR   instance/beat.go:989    Exiting: 1 error: failed to create audit client: failed to get audit status: operation not permitted

Any suggestions would be appreciated.


If you are running within a container then you likely need to give the container some additional capabilities that are normally restricted if you are using Docker and the like.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.