WARNING: Version 6.2 of Auditbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
We have repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.
We use the PGP key D88E42B4, Elasticsearch Signing Key, with fingerprint
4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4
to sign all our packages. It is available from https://pgp.mit.edu.
To add the Beats repository for APT:
Download and install the Public Signing Key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
You may need to install the
apt-transport-httpspackage on Debian before proceeding:
sudo apt-get install apt-transport-https
Save the repository definition to
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
To add the Elastic repository, make sure that you use the
echomethod shown in the example. Do not use
add-apt-repositorybecause it will add a
deb-srcentry, but we do not provide a source package.
If you have added the
deb-srcentry by mistake, you will see an error like the following:
Unable to find expected entry 'main/source/Sources' in Release file (Wrong sources.list entry or malformed file)
Simply delete the
deb-srcentry from the
/etc/apt/sources.listfile, and the installation should work as expected.
apt-get update, and the repository is ready for use. For example, you can install Auditbeat by running:
sudo apt-get update && sudo apt-get install auditbeat
To configure Auditbeat to start automatically during boot, run:
sudo update-rc.d auditbeat defaults 95 10
To add the Beats repository for YUM:
Download and install the public signing key:
sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Create a file with a
.repoextension (for example,
elastic.repo) in your
/etc/yum.repos.d/directory and add the following lines:
[elastic-6.x] name=Elastic repository for 6.x packages baseurl=https://artifacts.elastic.co/packages/6.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md
Your repository is ready to use. For example, you can install Auditbeat by running:
sudo yum install auditbeat
To configure the Beat to start automatically during boot, run:
sudo chkconfig --add auditbeat