• Auditbeat Reference
  • Overview
  • Getting started with Auditbeat
    • Step 1: Install Auditbeat
    • Step 2: Configure Auditbeat
    • Step 3: Load the index template in Elasticsearch
    • Step 4: Set up the Kibana dashboards
    • Step 5: Start Auditbeat
    • Step 6: View the sample Kibana dashboards
    • Repositories for APT and YUM
  • Breaking changes in 6.2
  • Setting up and running Auditbeat
    • Directory layout
    • Secrets keystore
    • Command reference
    • Running Auditbeat on Docker
    • Stopping Auditbeat
  • Configuring Auditbeat
    • Specify which modules to run
    • Specify general settings
    • Reload the configuration dynamically
    • Configure the internal queue
    • Configure the output
      • Elasticsearch
      • Logstash
      • Kafka
      • Redis
      • File
      • Console
      • Cloud
      • Change the output codec
    • Set up index lifecycle management
    • Specify SSL settings
    • Filter and enhance the exported data
      • Define processors
      • Add cloud metadata
      • Add the local time zone
      • Decode JSON fields
      • Drop events
      • Drop fields from events
      • Keep fields from events
      • Rename fields from events
      • Add Kubernetes metadata
      • Add Docker metadata
      • Add Host metadata
      • Dissect strings
      • DNS Reverse Lookup
      • Add process metadata
    • Parse data by using ingest node
    • Set up project paths
    • Set up the Kibana endpoint
    • Load the Kibana dashboards
    • Load the Elasticsearch index template
    • Configure logging
    • Use environment variables in the configuration
    • YAML tips and gotchas
    • Regular expression support
    • HTTP Endpoint
    • auditbeat.reference.yml
  • Modules
    • Auditd Module
    • File Integrity Module
    • System Module
      • System host dataset
      • System process dataset
      • System socket dataset
      • System user dataset
  • Exported fields
    • Alias fields
    • Auditd fields
    • Beat fields
    • Cloud provider metadata fields
    • Common fields
    • Docker fields
    • File Integrity fields
    • Host fields
    • Kubernetes fields
    • System fields
  • Monitoring Auditbeat
    • Configuration options
  • Securing Auditbeat
    • Secure communication with Elasticsearch
    • Secure communication with Logstash by using SSL
    • Use X-Pack security
      • Auditbeat features that require authorization
      • Configure authentication credentials
      • Grant users access to Auditbeat indices
      • Configure Auditbeat to use encrypted connections
      • Set the password for the built-in monitoring user
    • Use Linux Secure Computing Mode (seccomp)
  • Troubleshooting
    • Get Help
    • Debug
    • Frequently asked questions
  • Contributing to Beats