Add Docker docs for Auditbeat (elastic#5619)

* Add Docker docs for Auditbeat

Closes elastic#5132

auditbeat/docs/getting-started.asciidoc

@@ -86,6 +86,24 @@ tar xzvf {beatname_lc}-{version}-darwin-x86_64.tar.gz
 
 endif::[]
 
+[[docker]]
+*docker:*
+
+ifeval::["{release-state}"=="unreleased"]
+
+Version {stack-version} of {beatname_uc} has not yet been released.
+
+endif::[]
+
+ifeval::["{release-state}"!="unreleased"]
+
+["source", "shell", subs="attributes"]
+------------------------------------------------
+docker pull {dockerimage}
+------------------------------------------------
+
+endif::[]
+
 [[win]]
 *win:*
 
@@ -278,5 +296,3 @@ The dashboards are provided as examples. We recommend that you
 {kibana-ref}/dashboard.html[customize] them to meet your needs.
 
 image:./images/auditbeat-file-integrity-dashboard.png[Auditbeat File Integrity Dashboard]
-
-

auditbeat/docs/running-on-docker.asciidoc

@@ -0,0 +1,15 @@
+include::../../libbeat/docs/shared-docker.asciidoc[]
+
+[float]
+==== Special requirements
+
+Under Docker, {beatname_uc} runs as a non-root user, but requires some privileged
+capabilities to operate correctly. Ensure that the +AUDIT_CONTROL+ and +AUDIT_READ+
+capabilities are available to the container.
+
+It is also essential to run {beatname_uc} in the host PID namespace.
+
+["source","sh",subs="attributes"]
+----
+docker run --cap-add=AUDIT_CONTROL,AUDIT_READ --pid=host {dockerimage}
+----

auditbeat/docs/setting-up-running.asciidoc

@@ -18,8 +18,13 @@ This section includes additional information on how to set up and run
 
 * <<command-line-options>>
 
-//MAINTAINERS: If you add a new file to this section, make sure you update the bulletedl ist ^^ too.
+* <<running-on-docker>>
+
+
+//MAINTAINERS: If you add a new file to this section, make sure you update the bulleted list ^^ too.
 
 include::../../libbeat/docs/shared-directory-layout.asciidoc[]
 
 include::../../libbeat/docs/command-reference.asciidoc[]
+
+include::./running-on-docker.asciidoc[]