- Auditbeat Reference: other versions:
- Overview
- Getting started with Auditbeat
- Breaking changes in 6.2
- Setting up and running Auditbeat
- Configuring Auditbeat
- Specify which modules to run
- Specify general settings
- Reload the configuration dynamically
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- auditbeat.reference.yml
- Modules
- Exported fields
- Monitoring Auditbeat
- Securing Auditbeat
- Troubleshooting
- Contributing to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Set the password for the built-in monitoring user
editSet the password for the built-in monitoring user
editX-Pack security provides built-in user credentials in Elasticsearch that have a fixed set of
privileges. In 6.3.0 and later releases, there is a
beats_system
built-in user, which Auditbeat uses to store
monitoring information in Elasticsearch.
The initial passwords for all of the built-in users are set by using the
setup-passwords
tool in Elasticsearch. Thereafter, you can change the passwords by
using the Management > Users page in Kibana or the
Change Password API.
If you upgraded from Elasticsearch version 6.2 or earlier, you will not
have set a password for the beats_system
user. A user with the
manage_security
privilege must change the password for this built-in user.
For more information, see:
Was this helpful?
Thank you for your feedback.