To get started quickly, read Quick start: installation and configuration.
To configure Auditbeat, edit the configuration file. The default
configuration file is called
auditbeat.yml. The location of the file
varies by platform. To locate the file, see Directory layout.
There’s also a full example configuration file called
that shows all non-deprecated options.
See the Config File Format for more about the structure of the config file.
The following topics describe how to configure Auditbeat:
After changing configuration settings, you need to restart Auditbeat to pick up the changes.