IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Auditbeat quick start: installation and configuration »
Elastic Docs Auditbeat Reference [8.17]

Auditbeat overview

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Auditbeat overview

edit

Auditbeat is a lightweight shipper that you can install on your servers to audit the activities of users and processes on your systems. For example, you can use Auditbeat to collect and centralize audit events from the Linux Audit Framework. You can also use Auditbeat to detect changes to critical files, like binaries and configuration files, and identify potential security policy violations.

Auditbeat is an Elastic Beat. It’s based on the libbeat framework. For more information, see the Beats Platform Reference.

Auditbeat quick start: installation and configuration »