<h1 id="auditbeat">Auditbeat<a aria-hidden="true" class="anchor-heading icon-link" href="#auditbeat"></a></h1>
<p>Auditbeat is a log shipper for audit data that contains configurable modules that can consume data from a bunch of sources:</p>
<ul>
<li><a href="/notes/r6uljr1cgfo6h33k1dhyld0">Audit framework</a> via <code>auditd</code> (Linux-only)</li>
<li>File integrity monitors filesystem change events (all platforms)</li>
<li>System (beta):
<ul>
<li><code>host</code></li>
<li><code>login</code></li>
<li><code>package</code></li>
<li><code>process</code></li>
<li><code>socket</code></li>
<li><code>user</code></li>
</ul>
</li>
</ul>

Auditbeat


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)
