Docker logs being written to file

tdeprez · June 28, 2019, 4:19pm

I'm testing the auditbeat docker image using the kubernetes manifest linked from here:
https://www.elastic.co/guide/en/beats/auditbeat/7.2/running-on-kubernetes.html

It appears the auditbeat logs are being written to a file, /usr/share/auditbeat/logs/auditbeat

Filebeat/metricbeat docker images write to stdout, so are available using kubectl logs <image>

The manifest is missing an arguement, "-e", to send the logs to stdout.
ie

        args: [
          "-c", "/etc/auditbeat.yml", "-e"
        ]

Says to logs bugs here before creating an issue.
Thanks

andrewkroh · July 1, 2019, 5:48pm

Thanks for following the procedure and reporting the issue here first . Would you be able to open a PR to fix this file and then run make from the deploy/kubernetes dir to update the generated auditbeat-kubernetes.yaml? Otherwise please open a new issue on Github as this is definitely bug.

tdeprez · July 2, 2019, 9:18am

Thanks. Pull request done, I think

system · July 23, 2019, 9:18am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.