Auditbeat
Description
Auditbeat is Elastic's agent for monitoring audit logs on Linux. It sends the logs to a log collector or a SIEM.
Configuration
Warning
Target OS: Ubuntu
Auditbeat is configured by default according to the documentation. In addition, an extra configuration file enables Auditbeat to log the system calls on both x64 and x86 platforms.
No API token or ID is required. It sends the logs to the topology's Logstash instance, which is enabled by default.
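An audit rule that names only one architecture leaves system calls made through the other ABI unlogged, so a rules file meant to cover both x64 and x86 is worth checking. The script below is an added example, not the platform's own code or configuration file: it parses auditd-style syscall rules and reports calls audited for only one of `b64`/`b32`. The sample rules and the function names are constructed for illustration.

```python
import shlex

# Constructed sample rules (not the platform's actual file): execve is audited
# for both ABIs, connect only for 64-bit callers.
SAMPLE_RULES = """\
# process execution
-a always,exit -F arch=b64 -S execve,execveat -k exec
-a always,exit -F arch=b32 -S execve -S execveat -k exec
# outbound connections
-a always,exit -F arch=b64 -S connect -k net
-w /etc/passwd -p wa -k identity
"""

def syscalls_by_arch(rules_text):
    """Map each arch (b64/b32/unspecified) to the syscalls its exit rules audit."""
    covered = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        # Only syscall rules (-a/-A) matter here; file watches (-w) are skipped.
        if not any(t in ("-a", "-A") for t in tokens):
            continue
        arch, names, exit_rule = "unspecified", set(), False
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-a", "-A"):
                # auditctl accepts both "always,exit" and "exit,always".
                exit_rule = set(value.split(",")) == {"always", "exit"}
            elif flag == "-F" and value.startswith("arch="):
                arch = value.split("=", 1)[1]
            elif flag == "-S":
                names.update(value.split(","))
        if exit_rule and names:
            covered.setdefault(arch, set()).update(names)
    return covered

def arch_gaps(rules_text):
    """Return syscalls audited for only one of b64/b32, keyed by the missing arch."""
    covered = syscalls_by_arch(rules_text)
    b64, b32 = covered.get("b64", set()), covered.get("b32", set())
    return {"missing_b32": sorted(b64 - b32), "missing_b64": sorted(b32 - b64)}

if __name__ == "__main__":
    print(arch_gaps(SAMPLE_RULES))
```

The comparison is by syscall name, and some calls are named differently on the 32-bit ABI, so treat a reported gap as a rule to review rather than a confirmed blind spot.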
How to enable
You only need to click on the Add button to deploy Auditbeat.
Usage
You need to activate a SIEM in order to check Logstash logs.