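I am configuring auditbeat, but I am using logstash to filter the audit data and send it to different sinks. That said, auditbeat raises an error during setup. Any tips on how to configure auditbeat to get past the error would be greatly appreciated.
I receive the following error: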
2021-08-06T21:34:03.904Z ERROR instance/beat.go:989 Exiting: Index management requested but the Elasticsearch output is not configured/enabled
Exiting: Index management requested but the Elasticsearch output is not configured/enabled
My configuration is as follows (version 7.14.0):
auditbeat.modules:
- module: file_integrity
  enabled: true
  paths:
  - /bin
  - /usr/bin
  - /sbin
  - /usr/sbin
  - /etc
  recursive: true
- module: system
  datasets:
  - login
  - user
  period: 10s
  user.detect_password_changes: true
fields_under_root: true
fields:
  APP_NAME: "auditbeat"
  SUB_SYSTEM: "<redacted>"
output.elasticsearch:
  enabled: false
output.logstash:
  enabled: true
  hosts: ["<redacted>"]
  bulk_max_size: 4096
output.kafka:
  enabled: false
setup.template.enabled: false
setup.ilm.enabled: false
setup.ilm.check_exists: false
logging.metrics.enabled: false