Auditbeat_install@CentOS8

tags: dnf, beats, centos, el8

Import the Elastic repository GPG signing key into the rpm keyring

$ sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Create a .repo file in /etc/yum.repos.d/ (gpgcheck=1 so dnf verifies package signatures against the key just imported)

/etc/yum.repos.d/elastic.repo
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install auditbeat with dnf

$ sudo dnf install auditbeat

Enable the service so it starts automatically at boot, then start it now

$ sudo systemctl enable auditbeat
$ sudo systemctl start auditbeat
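The steps above as one script, added here as an example and not part of the original notes. It pins the downloaded key to the fingerprint Elastic publishes for its signing key (the constant below; re-check it against the Elastic documentation before relying on it), writes the same repo definition, refuses a repo file that would allow unsigned or plaintext-fetched packages, and only then installs and enables the service. Assumptions: run as root, `dnf`, `curl` and `gpg` present (all shipped with CentOS 8), outbound HTTPS to artifacts.elastic.co. Run as `sh install-auditbeat.sh install`; without the argument the file only defines functions.

```shell
#!/bin/sh
# Added example: repository setup and install of Auditbeat 7.x on CentOS 8.
# Assumptions: root, dnf/curl/gpg available, HTTPS reachable. Not Elastic's own tooling.
set -eu

REPO_FILE="/etc/yum.repos.d/elastic.repo"
KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"
# Fingerprint Elastic publishes for its package signing key (short id D88E42B4).
# Re-check this constant against the Elastic docs before trusting it.
EXPECTED_FPR="46095ACC8548582C1A2699A9D27D666CD88E42B4"

# Write the repo definition to $1 (a path argument so it can be tested on a temp file).
write_repo() {
  cat > "$1" <<EOF
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=$KEY_URL
enabled=1
autorefresh=1
type=rpm-md
EOF
}

# Return 0 only if the repo file forces signature checks and fetches over https.
check_repo() {
  grep -qx 'gpgcheck=1' "$1" &&
  grep -qE '^baseurl=https://' "$1" &&
  grep -qE '^gpgkey=https://' "$1"
}

# Print the primary fingerprint of an ASCII-armored key file (no spaces, upper case).
key_fingerprint() {
  gpg --show-keys --with-colons "$1" 2>/dev/null | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Normalise a fingerprint (drop spaces, upper-case hex) and compare to the pinned value.
fingerprint_matches() {
  got=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  [ "$got" = "$EXPECTED_FPR" ]
}

# Download the key, verify its fingerprint, and only then import it into the rpm keyring.
import_key() {
  tmp=$(mktemp)
  curl -fsSL "$KEY_URL" -o "$tmp"
  fpr=$(key_fingerprint "$tmp")
  if ! fingerprint_matches "$fpr"; then
    echo "GPG key fingerprint mismatch: got '$fpr', expected $EXPECTED_FPR" >&2
    rm -f "$tmp"
    return 1
  fi
  rpm --import "$tmp"
  rm -f "$tmp"
}

install_auditbeat() {
  import_key
  write_repo "$REPO_FILE"
  check_repo "$REPO_FILE" || { echo "$REPO_FILE failed safety check" >&2; return 1; }
  dnf -y install auditbeat
  systemctl enable --now auditbeat
  systemctl is-active --quiet auditbeat
}

# Only install when explicitly asked, so the file can be sourced for its functions.
if [ "${1:-}" = "install" ]; then
  install_auditbeat
fi
```

`rpm --import` on its own trusts whatever the URL serves; checking the fingerprint first is what turns the repo's `gpgcheck=1` into a meaningful control.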

Set the Elasticsearch output address and the memory queue size

Note: pick the host for your network segment, .1 or .2 (the two variants below). Keep the two-space indentation; the keys under output.elasticsearch and queue.mem are nested.

/etc/auditbeat/auditbeat.yml (hosts on the .1 segment)
output.elasticsearch:
  hosts: ["10.10.1.247:9200"]

queue.mem:
  events: 1024
  flush.min_events: 512
  flush.timeout: 5s

/etc/auditbeat/auditbeat.yml (hosts on the .2 segment)
output.elasticsearch:
  hosts: ["10.10.2.247:9200"]

queue.mem:
  events: 1024
  flush.min_events: 512
  flush.timeout: 5s
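The per-segment edit above, scripted as an added example that is not part of the original notes. It derives the collector from the host's own address using the two values given above, rewrites the active `hosts:` line in place, appends the queue.mem block only once (re-running it is safe), backs the file up, and validates with `auditbeat test config` and `auditbeat test output` before restarting the service. Assumptions: the shipped 7.x auditbeat.yml layout (a single uncommented, two-space indented `hosts:` line under output.elasticsearch), root privileges, and that the first address printed by `hostname -I` is the one on the 10.10.1.x or 10.10.2.x network. The `AUDITBEAT_CONFIG` override is a name introduced here for testing on a copy. Run as `sh set-auditbeat-output.sh apply`.

```shell
#!/bin/sh
# Added example: point auditbeat at the Elasticsearch host for this machine's segment,
# add the queue settings idempotently, validate, then restart. Not Elastic's own tooling.
set -eu

# AUDITBEAT_CONFIG is an override introduced for this example (lets you test on a copy).
CONFIG="${AUDITBEAT_CONFIG:-/etc/auditbeat/auditbeat.yml}"

# Map this host's address to the collector for its segment (values from the notes above).
es_host_for_ip() {
  case "$1" in
    10.10.1.*) echo "10.10.1.247:9200" ;;
    10.10.2.*) echo "10.10.2.247:9200" ;;
    *) echo "no Elasticsearch host known for $1" >&2; return 1 ;;
  esac
}

# Rewrite the active "  hosts: [...]" line in $1 to point at $2. In the shipped file only
# output.elasticsearch has an uncommented hosts line; the two-space indent is significant YAML.
set_es_host() {
  sed -i -E "s|^  hosts: \[.*\]|  hosts: [\"$2\"]|" "$1"
  grep -qF "  hosts: [\"$2\"]" "$1"
}

# Append the memory-queue block once; a second run must not duplicate it.
ensure_queue() {
  grep -q '^queue\.mem:' "$1" && return 0
  cat >> "$1" <<'EOF'

queue.mem:
  events: 1024
  flush.min_events: 512
  flush.timeout: 5s
EOF
}

# How many queue.mem blocks the file has (prints 0 rather than failing when absent).
count_queue_blocks() {
  grep -c '^queue\.mem:' "$1" || true
}

apply() {
  ip=$(hostname -I | awk '{print $1}')
  es=$(es_host_for_ip "$ip")
  cp -a "$CONFIG" "$CONFIG.bak.$(date +%Y%m%d%H%M%S)"
  set_es_host "$CONFIG" "$es"
  ensure_queue "$CONFIG"
  # Parse check first, then a real connection attempt, before touching the running service.
  auditbeat test config -c "$CONFIG"
  auditbeat test output -c "$CONFIG"
  systemctl restart auditbeat
}

if [ "${1:-}" = "apply" ]; then
  apply
fi
```

With only `hosts:` set, the Beat talks plain HTTP to port 9200; if the cluster has security enabled you also need `protocol: "https"` plus credentials or an API key in the same output section, and `auditbeat test output` is the quickest way to find out which case you are in.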

Plus: Run auditbeat on Docker