Hello,
i have a problem with winlogbeat 7.6 on windows 2008r2:
"ERROR instance/beat.go:933
Exiting: rename C:\ProgramData\winlogbeat.winlogbeat.yml.new C:\ProgramData\winlogbeat.winlogbeat.yml:
Cannot create a file when that file already exists.
The service stop and don't want to restart. i have tried to delete winlogbeat.yml and restart the service but it doesn't work.
Can you help me please ?
regards
Could you please share your configuration as text formatted using </>?
Could you please format the configuration using </>? When pasting configuration without the formatting, the whitespaces are lost which can lead to config problem.
winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: System
- name: Security
processors:
- script:
lang: javascript
id: security
file: ${path.home}/module/security/config/winlogbeat-security.js
- name: Microsoft-Windows-Sysmon/Operational
processors:
- script:
lang: javascript
id: sysmon
file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js
#==================== Elasticsearch template settings ==========================
setup.template.settings:
#index.number_of_shards: 1
#index.codec: best_compression
#_source.enabled: false
#================================ General =====================================
name: HOSTXXX
#============================== Kibana =====================================
# Kibana Host
host: "10.X.X.X:5601"
#================================ Outputs =====================================
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
hosts: ["10.X.X.X:9200"]
`#protocol: "https"
username: "elastic"
password: "12345678"
#================================ Processors =====================================
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
- add_docker_metadata: ~
#============================== X-Pack Monitoring ===============================
monitoring.enabled: true
monitoring.cluster_uuid: 'XXX'
monitoring.elasticsearch:
Nobody have an idea?
Why winlogbeat recreate winlogbeat.yml (.winlogbeat.yml.new) ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.