Configure Auditbeat
Stack
Tip
To get started quickly, read Quick start: installation and configuration.
To configure Auditbeat, edit the configuration file. The default configuration file is called auditbeat.yml. The location of the file varies by platform. To locate the file, see Directory layout.
There’s also a full example configuration file called auditbeat.reference.yml that shows all non-deprecated options.
Tip
See the Config File Format for more about the structure of the config file.
The following topics describe how to configure Auditbeat:
- Modules
- General settings
- Project paths
- Config file reloading
- Output
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Kibana endpoint
- Kibana dashboards
- Processors
- Internal queue
- Logging
- HTTP endpoint
- Regular expression support
- Instrumentation
- Feature flags
- auditbeat.reference.yml
After changing configuration settings, you need to restart Auditbeat to pick up the changes.