This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.

« Auditbeat and systemd Stop Auditbeat »

› ›

Start Auditbeat

edit

IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Start Auditbeat

edit

Before starting Auditbeat:

Follow the steps in Quick start: installation and configuration to install, configure, and set up the Auditbeat environment.
Make sure Kibana and Elasticsearch are running.
Make sure the user specified in auditbeat.yml is authorized to publish events.

To start Auditbeat, run:

sudo service auditbeat start

Also see Auditbeat and systemd.

sudo service auditbeat start

Also see Auditbeat and systemd.

sudo chown root auditbeat.yml 
sudo ./auditbeat -e

You’ll be running Auditbeat as root, so you need to change ownership of the configuration file, or run Auditbeat with --strict.perms=false specified. See Config File Ownership and Permissions.

sudo chown root auditbeat.yml 
sudo ./auditbeat -e

You’ll be running Auditbeat as root, so you need to change ownership of the configuration file, or run Auditbeat with --strict.perms=false specified. See Config File Ownership and Permissions.

PS C:\Program Files\auditbeat> Start-Service auditbeat

By default, Windows log files are stored in C:\ProgramData\auditbeat\Logs.

« Auditbeat and systemd Stop Auditbeat »