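I'm still fairly new to ELK, and I'm trying to send logs from auditbeat to Kibana. I followed the steps in the ELK documentation to install auditbeat on Linux. However, when running auditbeat in the last step, I get the following error: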
Cannot continue: audit configuration is locked in the kernel (enabled=2) which prevents using unicast sockets. Multicast audit subscriptions are not available in this kernel. Disable locking the audit configuration to use auditbeat
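
The `enabled=2` in the error above is the kernel audit status flag in its locked (immutable) state, which is set by an `-e 2` audit rule and persists until reboot. The script below is an added example, not part of the original post: it classifies the flag from `auditctl -s` output and locates the `-e 2` directive in rule files. The function names and the rule-file paths in the comments are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# On a real host, as root (paths are the usual auditd locations, assumed):
#   auditctl -s | audit_lock_state
#   find_lock_rules /etc/audit/audit.rules /etc/audit/rules.d/*.rules

# audit_lock_state: read `auditctl -s` output on stdin and print one of
# disabled | enabled | locked | unknown. Handles both the multi-line form
# ("enabled 2") and the older one-line form ("AUDIT_STATUS: enabled=2 ...").
audit_lock_state() {
    awk 'match($0, /enabled[ =][0-9]+/) {
             # "enabled" plus one separator is 8 characters; the rest is the value
             v = substr($0, RSTART + 8, RLENGTH - 8)
         }
         END {
             if (v == "0") print "disabled"
             else if (v == "1") print "enabled"
             else if (v == "2") print "locked"
             else print "unknown"
         }'
}

# find_lock_rules: print file:line:text for every active "-e 2" directive
# in the given rule files. Commented-out lines are ignored.
find_lock_rules() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '/^[ \t]*-e[ \t]+2([ \t]|$)/ { print f ":" NR ":" $0 }' "$f"
    done
}

# Demo on constructed data (not captured from a real host).
sample_status='enabled 2
failure 1
pid 0'
demo_rules=$(mktemp)
printf '%s\n' '-w /etc/passwd -p wa -k identity' '# lock the configuration' '-e 2' > "$demo_rules"

printf 'audit state: %s\n' "$(printf '%s\n' "$sample_status" | audit_lock_state)"
printf 'locking rule: %s\n' "$(find_lock_rules "$demo_rules")"
rm -f "$demo_rules"
```

A `locked` result cannot be cleared at runtime: the `-e 2` rule has to be removed or changed and the host rebooted before the flag drops back to 0 or 1.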