Es 5.2 logging to /var/log/messages

GCAppArch · March 20, 2017, 6:24pm

Hi

I have a problem with our es setup. Although we have configured the path.logs property in our config properties file, elastic continues to spew messages to /var/log/messages. The underlying file system ran out of disk space this weekend.

...
Mar 20 10:48:08 server-name audispd: node=server-name type=CWD msg=audit(1490032088.959:175991376): cwd="/opt/elastic/elasticsearch/5.2.0/bin"
Mar 20 10:48:08 server-name audispd: node=server-name type=PATH msg=audit(1490032088.959:175991376): item=0 name="/data/elastic/elasticsearch/nodes/0/indices/RYzTexEvQ3Cl2nq0VtTgJw/2/index/" inode=1441839 dev=fd:03 mode=040700 ouid=602 ogid=601 rdev=00:00 obj=unconfined_u:object_r:unlabeled_t:s0 objtype=PARENT
Mar 20 10:48:08 server-name audispd: node=server-name type=PATH msg=audit(1490032088.959:175991376): item=1 name="/data/elastic/elasticsearch/nodes/0/indices/RYzTexEvQ3Cl2nq0VtTgJw/2/index/_16sra_Lucene50_0.doc" inode=1442717 dev=fd:03 mode=0100600 ouid=602 ogid=601 rdev=00:00 obj=unconfined_u:object_r:unlabeled_t:s0 objtype=DELETE
...

Can someone advise how to force elastic to only log to the directory denoted in the path.logs property?

jaymode · March 20, 2017, 7:10pm

How did you install elasticsearch and how are you configuring path.logs? What os?

GCAppArch · March 20, 2017, 8:04pm

I used the elasticsearch-5.2.0.tar.gz distribution. The OS RHELRed Hat Enterprise Linux Server 7.3 (Maipo), 3.10.0-514.6.1.el7.x86_64

I've set the path.logs property in a customized property file /opt/elastic/config/elasticsearch/elasticsearch.yml.
....

path.logs: /opt/elastic/logs/elasticsearch
...
The es node is started as follows from the bin directory:

./elasticsearch -Epath.conf=/opt/elastic/config/elasticsearch -p /opt/elastic/elasticsearch/5.2.0/bin/es.pid &

I can confirm that I do see several log files being written here as configured in the log4j properties file:

/opt/elastic/logs/elasticsearch/*

*.log
*-2017-03-19.log
*_deprecation.log
*_index_indexing_slowlog.log
*_index_search_slowlog.log

GCAppArch · April 10, 2017, 3:23pm

Does anyone have any ideas on this one? We are running into disk space issues almost weekly because of this.

Thanks

system · May 8, 2017, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.