I have always used /var/log/[name]beats as the path for the beats logs. But ever since 6.7 to 7.0, the beats logs are going to local syslog. I even hard set logging.to_syslog: false but beats still writes out to /var/log/messages (Centos). Any ideas?
Hi @ocabj,
In 7.0 we changed the behaviour of Beats when used with systemd so they log to the standard output and let systemd manage the logs. This way it is more consistent with services in systemd-based systems.
If you want to override this behaviour please take a look to this documentation.
If you are not using systemd the behaviour shouldn't have changed.
Thank you. I was able to restore logging to /var/log/{name}beats and stop logging to syslog by overriding "BEAT_LOG_OPTS=".
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.