📦Auditbeat_install@CentOS8
Download and import the Elastic repo GPG key
$ sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Create .repo in /etc/yum.repos.d/
/etc/yum.repos.d/elastic.repo
  [elastic-7.x]
  name=Elastic repository for 7.x packages
  baseurl=https://artifacts.elastic.co/packages/7.x/yum
  gpgcheck=1
  gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
  enabled=1
  autorefresh=1
  type=rpm-md
Install auditbeat with dnf
$ sudo dnf install auditbeat
$ sudo systemctl enable auditbeat
$ sudo systemctl start auditbeat
Mind the subnet: .1 or .2
/etc/auditbeat/auditbeat.yml
  output.elasticsearch:
    hosts: ["10.10.1.247:9200"]
  queue.mem:
    events: 1024
    flush.min_events: 512
    flush.timeout: 5s
/etc/auditbeat/auditbeat.yml
  output.elasticsearch:
    hosts: ["10.10.2.247:9200"]
  queue.mem:
    events: 1024
    flush.min_events: 512
    flush.timeout: 5s
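Added example, not part of the original note: a small script that picks the Elasticsearch endpoint from the host's own address and refuses to emit a config for any other subnet, so a host is never pointed at the wrong collector by a copy-paste slip. It assumes ".1 or .2" means the third octet of a 10.10.x.y address, as in the two configs above; the function names and the script name in the comment are hypothetical.

```shell
#!/bin/sh
# Assumption: hosts live in 10.10.1.0/24 or 10.10.2.0/24 and each subnet
# ships to the .247 Elasticsearch node shown in the two configs above.

# Print the Elasticsearch endpoint for a host IPv4 address.
# Returns 1 (and prints nothing) for malformed input or an unknown subnet.
es_host_for_ip() {
    ip=$1
    last=${ip##*.}      # final octet
    prefix=${ip%.*}     # everything before it
    case "$last" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric octet
    esac
    [ "${#last}" -le 3 ] && [ "$last" -le 255 ] || return 1
    case "$prefix" in
        10.10.1) echo "10.10.1.247:9200" ;;
        10.10.2) echo "10.10.2.247:9200" ;;
        *) return 1 ;;             # fail closed on any other network
    esac
}

# Print the output/queue section of auditbeat.yml for the given host IP.
render_output_section() {
    host=$(es_host_for_ip "$1") || {
        echo "no Elasticsearch endpoint known for $1" >&2
        return 1
    }
    cat <<EOF
output.elasticsearch:
  hosts: ["$host"]
queue.mem:
  events: 1024
  flush.min_events: 512
  flush.timeout: 5s
EOF
}

# Stand-alone use (script name is hypothetical):
#   sh pick_output.sh "$(hostname -I | awk '{print $1}')"
if [ "$#" -gt 0 ]; then
    render_output_section "$1"
fi
```

After merging the printed section into /etc/auditbeat/auditbeat.yml, `sudo auditbeat test config` and `sudo auditbeat test output` confirm that the file parses and that the chosen endpoint is reachable before the service is restarted.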
Plus: Run auditbeat on Docker