Closed
Description
For confirmed bugs, please report:
- Version: 7.2.0
- Operating System: Linux 32bit
- Discuss Forum URL:
- Steps to Reproduce:
Run auditbeat with system/process metricset enabled (default).
The following errors are published:
{
"@timestamp": "2019-07-20T00:11:30.713Z",
"@metadata": {
"beat": "auditbeat",
"type": "_doc",
"version": "7.2.0"
},
"event": {
"dataset": "process",
"kind": "error",
"action": "process_error",
"module": "system"
},
"message": "ERROR for PID 19010: failed to hash executable /home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat for PID 19010: failed to stat file /home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat: stat /home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat: operation not permitted",
"error": {
"message": "failed to hash executable /home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat for PID 19010: failed to stat file /home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat: stat /home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat: operation not permitted"
},
"ecs": {
"version": "1.0.0"
},
"host": {
"name": "vagrant-ubuntu-trusty-32"
},
"service": {
"type": "system"
},
"user": {
"id": "0",
"group": {
"name": "root",
"id": "0"
},
"effective": {
"id": "0",
"group": {
"id": "0"
}
},
"saved": {
"id": "0",
"group": {
"id": "0"
}
},
"name": "root"
},
"agent": {
"type": "auditbeat",
"ephemeral_id": "709326f3-ff1a-4fdc-b298-85d21834ad3e",
"hostname": "vagrant-ubuntu-trusty-32",
"id": "f0a68bf7-bee1-42f5-b502-d6bac72fe7da",
"version": "7.2.0"
},
"process": {
"start": "2019-07-20T00:11:29.700Z",
"entity_id": "jzVfToq+d1Kb/dR0",
"name": "auditbeat",
"args": [
"./auditbeat",
"run",
"-e",
"-d",
"*",
"-strict.perms=false"
],
"pid": 19010,
"ppid": 19009,
"working_directory": "/home/vagrant/auditbeat-7.2.0-linux-x86",
"executable": "/home/vagrant/auditbeat-7.2.0-linux-x86/auditbeat"
}
}