Would you like to learn how to install Auditbeat on Ubuntu Linux? In this tutorial, we are going to show you how to install the Auditbeat service on a computer running Ubuntu Linux and send the network information to an ElasticSearch server.
• Ubuntu 18
• Ubuntu 19
• ElasticSearch 7.6.2
• Kibana 7.6.2
• Auditbeat 7.6.2
In our example, The ElastiSearch server IP address is 192.168.100.7.
ElasticSearch Related Tutorial:
On this page, we offer quick access to a list of tutorials related to ElasticSearch installation.
Tutorial Auditbeat – Installation on Ubuntu Linux
Set a hostname using the command named hostnamectl.
Reboot the computer.
Download and install the Auditbeat package.
Edit the Auditbeat configuration file named auditbeat.yml.
Here is the original file, before our configuration.
Here is the file with our configuration.
In our example, we configured the Auditbeat service to send data to the ElasticSearch server 192.168.100.7.
In our example, we configured the Auditbeat service to connect to the Kibana server 192.168.100.7.
Use the following command to create the Auditbeat dashboards on the Kibana server.
Start the Auditbeat service.
Configure the Auditbeat service to start during boot time.
Congratulations! You have finished the Auditbeat installation on Ubuntu Linux.
Kibana – Accessing the Auditbeat Dashboard
Open your browser and enter the IP address of your Kibana server plus :5601.
In our example, the following URL was entered in the Browser:
• http://192.168.100.7:5601
The Kibana web interface should be presented
On the Visualize and Explore Data area, select the Dashboard option.
Search for dashboards named: Auditbeat
Select the desired Auditbeat dashboard.
Congratulations! You are able to access the Auditbeat information on the Kibana server.
