From 5478f637768e81e3500c5b4d148c360943f5eacc Mon Sep 17 00:00:00 2001
From: Rob Waight <43173714+rwaight@users.noreply.github.com>
Date: Mon, 1 Jun 2020 12:52:28 -0500
Subject: [PATCH] [WIP] Clarify capabilities of the Filebeat auditd module
 (#17068)

* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>
---
 filebeat/docs/modules/auditd.asciidoc      | 4 ++++
 filebeat/module/auditd/_meta/docs.asciidoc | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/filebeat/docs/modules/auditd.asciidoc b/filebeat/docs/modules/auditd.asciidoc
index f24f087e514..670269248f1 100644
--- a/filebeat/docs/modules/auditd.asciidoc
+++ b/filebeat/docs/modules/auditd.asciidoc
@@ -11,6 +11,10 @@ This file is generated! See scripts/docs_collector.py
 The +{modulename}+ module collects and parses logs from the audit daemon
 (`auditd`).
 
+NOTE: Although {beatname_uc} is able to parse logs by using the `auditd` module,
+{auditbeat-ref}/auditbeat-module-auditd.html[{auditbeat}] offers more advanced
+features for monitoring audit logs.
+
 include::../include/what-happens.asciidoc[]
 
 include::../include/gs-link.asciidoc[]
diff --git a/filebeat/module/auditd/_meta/docs.asciidoc b/filebeat/module/auditd/_meta/docs.asciidoc
index 0d62f16715f..a24e892b764 100644
--- a/filebeat/module/auditd/_meta/docs.asciidoc
+++ b/filebeat/module/auditd/_meta/docs.asciidoc
@@ -6,6 +6,10 @@
 The +{modulename}+ module collects and parses logs from the audit daemon
 (`auditd`).
 
+NOTE: Although {beatname_uc} is able to parse logs by using the `auditd` module,
+{auditbeat-ref}/auditbeat-module-auditd.html[{auditbeat}] offers more advanced
+features for monitoring audit logs.
+
 include::../include/what-happens.asciidoc[]
 
 include::../include/gs-link.asciidoc[]