From bd39fd18a999684955c4c99386e60eb1e9b12f42 Mon Sep 17 00:00:00 2001
From: DeDe Morton <dede.morton@elastic.co>
Date: Tue, 2 Jun 2020 10:34:44 -0700
Subject: [PATCH] [WIP] Clarify capabilities of the Filebeat auditd module
 (#17068) (#18886)

* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Rob Waight <43173714+rwaight@users.noreply.github.com>
---
 filebeat/docs/modules/auditd.asciidoc      | 4 ++++
 filebeat/module/auditd/_meta/docs.asciidoc | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/filebeat/docs/modules/auditd.asciidoc b/filebeat/docs/modules/auditd.asciidoc
index f24f087e514c..670269248f1a 100644
--- a/filebeat/docs/modules/auditd.asciidoc
+++ b/filebeat/docs/modules/auditd.asciidoc
@@ -11,6 +11,10 @@ This file is generated! See scripts/docs_collector.py
 The +{modulename}+ module collects and parses logs from the audit daemon
 (`auditd`).
 
+NOTE: Although {beatname_uc} is able to parse logs by using the `auditd` module,
+{auditbeat-ref}/auditbeat-module-auditd.html[{auditbeat}] offers more advanced
+features for monitoring audit logs.
+
 include::../include/what-happens.asciidoc[]
 
 include::../include/gs-link.asciidoc[]
diff --git a/filebeat/module/auditd/_meta/docs.asciidoc b/filebeat/module/auditd/_meta/docs.asciidoc
index 0d62f16715fe..a24e892b7642 100644
--- a/filebeat/module/auditd/_meta/docs.asciidoc
+++ b/filebeat/module/auditd/_meta/docs.asciidoc
@@ -6,6 +6,10 @@
 The +{modulename}+ module collects and parses logs from the audit daemon
 (`auditd`).
 
+NOTE: Although {beatname_uc} is able to parse logs by using the `auditd` module,
+{auditbeat-ref}/auditbeat-module-auditd.html[{auditbeat}] offers more advanced
+features for monitoring audit logs.
+
 include::../include/what-happens.asciidoc[]
 
 include::../include/gs-link.asciidoc[]