Loading

Start Auditbeat

Before starting Auditbeat:

To start Auditbeat, run:

sudo service auditbeat start

Also see Auditbeat and systemd.

sudo service auditbeat start

Also see Auditbeat and systemd.

sudo chown root auditbeat.yml 1
sudo ./auditbeat -e
  1. You’ll be running Auditbeat as root, so you need to change ownership of the configuration file, or run Auditbeat with --strict.perms=false specified. See Config File Ownership and Permissions.
sudo chown root auditbeat.yml 1
sudo ./auditbeat -e
  1. You’ll be running Auditbeat as root, so you need to change ownership of the configuration file, or run Auditbeat with --strict.perms=false specified. See Config File Ownership and Permissions.
PS C:\Program Files\auditbeat> Start-Service auditbeat

By default, Windows log files are stored in C:\ProgramData\auditbeat\Logs.