diff --git a/filebeat/module/elasticsearch/audit/manifest.yml b/filebeat/module/elasticsearch/audit/manifest.yml
index 1cb97d893859..677b47eb590f 100644
--- a/filebeat/module/elasticsearch/audit/manifest.yml
+++ b/filebeat/module/elasticsearch/audit/manifest.yml
@@ -6,8 +6,8 @@ var:
 - /var/log/elasticsearch/*_access.log
 - /var/log/elasticsearch/*_audit.log
 os.darwin:
- - /usr/local/elasticsearch/*_access.log
- - /usr/local/elasticsearch/*_audit.log
+ - /usr/local/var/lib/elasticsearch/*_access.log
+ - /usr/local/var/lib/elasticsearch/*_audit.log
 os.windows:
 - c:/ProgramData/Elastic/Elasticsearch/logs/*_access.log
 - c:/ProgramData/Elastic/Elasticsearch/logs/*_audit.log
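Review bot: The `os.darwin` defaults now point only at `/usr/local/var/lib/elasticsearch/`, and a path glob that matches nothing normally raises no error, so a macOS install still writing to the old directory would stop shipping `*_audit.log` and `*_access.log` with no visible failure; for an audit fileset that is a silent gap in the security trail. Nothing in the hunk shows where Elasticsearch writes these files on macOS, and Homebrew-style layouts usually keep logs under `var/log/elasticsearch` with data under `var/lib/elasticsearch`, so the new directory is worth confirming against a real install. If the old layout can still occur, keep `- /usr/local/elasticsearch/*_access.log` and `- /usr/local/elasticsearch/*_audit.log` after the new entries as a fallback, and add a comment above `os.darwin:` such as `# default log directory for <install method> on macOS`. The `var` mapping begins above the hunk, so the variable these paths belong to is not visible here.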