- Auditbeat Reference: other versions:
- Overview
- Get started
- Set up and run
- Upgrade Auditbeat
- Configure
- Modules
- General settings
- Project paths
- Config file reloading
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Kibana endpoint
- Kibana dashboards
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_json_fields
- decompress_gzip_field
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- registered_domain
- rename
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- HTTP endpoint
- Regular expression support
- auditbeat.reference.yml
- How to guides
- Modules
- Exported fields
- Monitor
- Secure
- Troubleshoot
- Get Help
- Debug
- Common problems
- Auditbeat fails to watch folders because too many files are open
- Auditbeat uses too much bandwidth
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
- Dashboard could not locate the index-pattern
- Contribute to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Secure Auditbeat
editSecure Auditbeat
editThe following topics provide information about securing the Auditbeat process and connecting to a cluster that has security features enabled.
You can use role-based access control and optionally, API keys to grant Auditbeat users access to secured resources.
After privileged users have been created, use authentication to connect to a secured Elastic cluster.
On Linux, Auditbeat can take advantage of secure computing mode to restrict the system calls that a process can issue.
Was this helpful?
Thank you for your feedback.