Auditbeat and X-Pack Security

If you want Auditbeat to connect to a cluster that has X-Pack Security enabled, there are extra configuration steps.

To send data to a secured cluster through the elasticsearch output, Auditbeat needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, and read and write to the indices it creates. See Configuring Authentication Credentials for Auditbeat.

If encryption is enabled on the cluster, you also need to enable HTTPS in the Auditbeat configuration. See Configuring Auditbeat to use Encrypted Connections.

In addition to configuring authentication credentials for Auditbeat itself, you need to grant authorized users permission to access the indices it creates. See Granting Users Access to Auditbeat Indices.
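The three steps above, put together as an added example (not taken from the Auditbeat documentation): a least-privilege writer role for Auditbeat, a separate read-only role for the people who query the data, and the matching HTTPS output settings. The role names, user name, host and CA path are hypothetical placeholders, and `auditbeat-*` assumes the default index name.

```yaml
# --- Elasticsearch side: roles.yml (file-based role definitions) ---
# Writer role for the Auditbeat user: only the privileges listed above.
# Role names are hypothetical; auditbeat-* assumes the default index name.
auditbeat_writer:
  cluster: ['manage_index_templates', 'monitor']
  indices:
    - names: ['auditbeat-*']
      privileges: ['create_index', 'read', 'write']

# Read-only role for users who search the indices. Keeping it separate
# means a compromised analyst account cannot alter or forge audit events.
auditbeat_reader:
  indices:
    - names: ['auditbeat-*']
      privileges: ['read']

---
# --- Auditbeat side: auditbeat.yml ---
output.elasticsearch:
  hosts: ["es.example.internal:9200"]     # placeholder host
  protocol: "https"                       # required when encryption is enabled on the cluster
  username: "auditbeat_internal"          # hypothetical user assigned auditbeat_writer
  password: "${ES_PWD}"                   # resolved from the environment or the Auditbeat keystore, not stored in clear text
  ssl.certificate_authorities: ["/etc/pki/ca/ca.pem"]   # placeholder path to the CA that signed the cluster certificate
```

Avoid pointing Auditbeat at a superuser account such as `elastic`: the host running Auditbeat holds the credential, so its privileges should stop at the Auditbeat indices.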

For more information about X-Pack Security, see Securing Elasticsearch and Kibana.