WARNING: Version 5.4 of Filebeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Auditd moduleedit
This module collects and parses logs from the audit daemon (auditd).
Compatibilityedit
This module was tested with logs from auditd on OSes like CentOS 6 and
CentOS 7.
This module is not available for Windows.
Dashboardedit
This module comes with a sample dashboard showing an overview of the audit log data. You can build more specific dashboards that are tailored to the audit rules that you use on your systems.
Syslog fileset settingsedit
var.pathsedit
An array of paths where to look for the log files. If left empty, Filebeat will choose the paths depending on your operating systems.
Fieldsedit
For a description of each field in the metricset, see the exported fields section.