WARNING: Version 6.2 of Auditbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Auditbeat and X-Pack Security
If you want Auditbeat to connect to a cluster that has X-Pack Security enabled, there are extra configuration steps.
To send data to a secured cluster through the elasticsearch output, Auditbeat needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, and read and write to the indices it creates. See Configuring Authentication Credentials for Auditbeat.
If encryption is enabled on the cluster, you also need to enable HTTPS in the Auditbeat configuration. See Configuring Auditbeat to use Encrypted Connections.
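The credential and HTTPS requirements above, shown as an added auditbeat.yml example that is not taken from the Auditbeat documentation, with a weak output section (commented out) beside a hardened one. The host name, the `auditbeat_internal` user name, the `ES_PWD` environment variable and the CA file path are assumed placeholders.

```yaml
# --- Weak: shown for contrast only, keep commented out ---
# output.elasticsearch:
#   hosts: ["http://es.example.internal:9200"]  # plaintext: credentials and audit events are readable on the wire
#   username: "elastic"                         # built-in superuser, far more privilege than Auditbeat needs
#   password: "changeme"                        # secret stored in clear text in the config file

# --- Hardened ---
output.elasticsearch:
  # The https:// scheme makes Auditbeat use TLS when the cluster has encryption enabled.
  hosts: ["https://es.example.internal:9200"]

  # Dedicated account (hypothetical name) whose role is limited to what this page lists:
  # manage index templates, monitor the cluster, create indices,
  # and read and write to the indices Auditbeat creates.
  username: "auditbeat_internal"

  # Resolved from the environment at startup, so the secret is not stored in this file.
  # ES_PWD is an assumed variable name.
  password: "${ES_PWD}"

  # Trust only the CA that signed the cluster's certificates (assumed path).
  ssl.certificate_authorities: ["/etc/auditbeat/certs/ca.pem"]

  # "full" is the default; stated explicitly so a later edit to "none"
  # (which disables certificate checks) stands out in review.
  ssl.verification_mode: full
```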
In addition to configuring authentication credentials for Auditbeat itself, you need to grant authorized users permission to access the indices it creates. See Granting Users Access to Auditbeat Indices.
For more information about X-Pack Security, see Securing Elasticsearch and Kibana.