WARNING: Version 5.4 of Filebeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Apache2 module MySQL module »
Elastic Docs Filebeat Reference [5.4] Modules

Auditd module

edit

Auditd module

edit

This module collects and parses logs from the audit daemon (auditd).

Compatibility

edit

This module was tested with logs from auditd on OSes like CentOS 6 and CentOS 7.

This module is not available for Windows.

Dashboard

edit

This module comes with a sample dashboard showing an overview of the audit log data. You can build more specific dashboards that are tailored to the audit rules that you use on your systems.

kibana audit auditd

Syslog fileset settings

edit

var.paths

edit

An array of paths where to look for the log files. If left empty, Filebeat will choose the paths depending on your operating systems.

Fields

edit

For a description of each field in the metricset, see the exported fields section.

« Apache2 module MySQL module »