@zeno wrote:
Thanks for the reply tudor. So yes i am using Auditbeat FIM module to monitor the file changes in Ubuntu Server. You got it right. Following are the commands i use to create abc.txt
touch abc.txt ; it usually shows on kibana that 1 file is created but when i use : nano abc.txt and modify the file to see if kibana shows modified data then it shows 2-3 swap files against abc.txt which is my concern that why there are couple of swap files against 1 text file