Docker logs being written to file

tdeprez · June 28, 2019, 4:19pm

I'm testing the auditbeat docker image using the kubernetes manifest linked from here:
https://www.elastic.co/guide/en/beats/auditbeat/7.2/running-on-kubernetes.html

It appears the auditbeat logs are being written to a file, /usr/share/auditbeat/logs/auditbeat

Filebeat/metricbeat docker images write to stdout, so are available using kubectl logs <image>

The manifest is missing an arguement, "-e", to send the logs to stdout.
ie

        args: [
          "-c", "/etc/auditbeat.yml", "-e"
        ]

Says to logs bugs here before creating an issue.
Thanks

andrewkroh · July 1, 2019, 5:48pm

Thanks for following the procedure and reporting the issue here first . Would you be able to open a PR to fix this file and then run make from the deploy/kubernetes dir to update the generated auditbeat-kubernetes.yaml? Otherwise please open a new issue on Github as this is definitely bug.

tdeprez · July 2, 2019, 9:18am

Thanks. Pull request done, I think

system · July 23, 2019, 9:18am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting logs from pods via filebeat Beats filebeat	2	1168	October 26, 2018
Auditbeat, filebeat and journalbeat in kubernetes Beats elastic-stack-security , filebeat , elastic-agent	2	470	January 12, 2022
ES K8s (AKS) auditlogs via filebeat Beats filebeat	6	2263	May 1, 2020
Beats in docker: logging so filebeat picks up logs via "docker logs" API Beats	4	1410	December 11, 2019
"stdout only" logs not captured in filebeat while display file with kubectl logs pod Beats filebeat	1	325	January 17, 2023

Docker logs being written to file

Related topics