Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auditbeat: docs incorrectly state that socket_type will be reverted to unicast if multicast is not available #37174

Closed
efd6 opened this issue Nov 21, 2023 · 1 comment · Fixed by #37175
Closed

auditbeat: docs incorrectly state that socket_type will be reverted to unicast if multicast is not available #37174

efd6 opened this issue Nov 21, 2023 · 1 comment · Fixed by #37175
Labels
8.11-candidate 8.12-candidate backport-v8.11.0 Automated backport with mergify bug docs needs_integration_sync Changes in this PR need synced to elastic/integrations.

Comments

@efd6
Copy link
Contributor

efd6 commented Nov 21, 2023

From here:

multicast can be used in kernel versions 3.16 and newer. By using multicast Auditbeat will receive an audit event broadcast that is not exclusive to a a single process. This is ideal for situations where auditd is running and managing the rules. If multicast is specified, but the kernel version is less than 3.16 Auditbeat will automatically revert to unicast.

Similar wording is in the auditd_manager integration here:

If it is set to true, but the kernel version is less than 3.16 it will be automatically disabled.

Remove this incorrect advice.
@efd6 efd6 added bug docs Team:Security-External Integrations needs_integration_sync Changes in this PR need synced to elastic/integrations. 8.11-candidate 8.12-candidate backport-v8.11.0 Automated backport with mergify labels Nov 21, 2023
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6 efd6 mentioned this issue Nov 22, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
8.11-candidate 8.12-candidate backport-v8.11.0 Automated backport with mergify bug docs needs_integration_sync Changes in this PR need synced to elastic/integrations.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

auditbeat/docs/modules: remove incorrect advice in documentation efd6/beats
2 participants
@elasticmachine @efd6