Hello
I've created an Auditbeat config, see below. The config works fine, but the sidecar times out on validation?
I click stop and then start; after stopping, everything works just fine.
Stop / Start example:
time="2022-11-07T12:05:27+01:00" level=info msg="[Auditbeat] Got remote stop command"
time="2022-11-07T12:05:27+01:00" level=info msg="[Auditbeat] Stopping"
time="2022-11-07T12:09:47+01:00" level=info msg="[Auditbeat] Got remote start command"
time="2022-11-07T12:09:47+01:00" level=info msg="[Auditbeat] Starting (exec driver)"
Config Update example:
time="2022-11-07T11:51:35+01:00" level=info msg="[Auditbeat] Configuration change detected, rewriting configuration file."
time="2022-11-07T11:52:05+01:00" level=error msg="[Auditbeat] Unable to validate configuration, timeout reached."
Auditbeat config:
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
  hosts: ["graylog.xxx.xxx:5044"]
tags:
  - linux #added
  - auditbeat #added
auditbeat.modules:
  - module: auditd
  - module: file_integrity
    paths:
      - /bin
      - /usr/bin
      - /sbin
      - /usr/sbin
      - /etc
  - module: system
    datasets:
      - host # General host information, e.g. uptime, IPs
      - process # Started and stopped processes
      - login #!!linux only
    state.period: 12
    user.detect_password_changes: true #added
#processors: #Commented out
#  - add_host_metadata: ~ #Commented out
#  - add_cloud_metadata: ~ #Commented out