I try to specifiy the config file for filebeat, but all the time I get a permission denied error in the container. User root is set and strict.perms=false too.
I'm using following versions:
[root@mschindl-lnx1 config-dir]# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
Go version: go1.10.3
Git commit: 64e9980/1.13.1
Built: Tue Apr 28 14:43:01 2020
OS/Arch: linux/amd64Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
Go version: go1.10.3
Git commit: 64e9980/1.13.1
Built: Tue Apr 28 14:43:01 2020
OS/Arch: linux/amd64
Experimental: false
[root@mschindl-lnx1 config-dir]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@mschindl-lnx1 config-dir]# docker run -d
> -h filebeat
> -u root
> --name filebeat
> -v /mnt/auditlogs/:/mnt/audit/
> --volume="/config-dir/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"
> --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro"
> --volume="/var/run/docker.sock:/var/run/docker.sock:ro"
> docker.elastic.co/beats/filebeat:7.8.0 filebeat -e -strict.perms=false
> -E output.elasticsearch.hosts=["elasticsearch:9200"]
cee692103573ad316b9a60ab082f0d6d227a146be24f5a4ce23e121236b80232
[root@mschindl-lnx1 config-dir]# docker logs filebeat
Exiting: error loading config file: open filebeat.yml: permission denied
[root@mschindl-lnx1 config-dir]# ls -lisah filebeat.yml
69806038 4.0K -rw-r--r--. 1 root root 359 Jul 1 14:39 filebeat.yml
Workaround in a another thread didn't work:
[root@mschindl-lnx1 config-dir]# docker exec -it filebeat bash -l
[root**@filebeat** filebeat]# ls -lnR /usr/share/filebeat/filebeat.yml
-rw-r-----. 1 0 1000 319 Jun 14 18:19 /usr/share/filebeat/filebeat.yml
[root**@mschindl-lnx**1 config-dir]# ls -n filebeat.yml
-rw-r-----. 1 0 1000 359 Jul 1 14:39 filebeat.yml
Any help is appreciated
(I want to use filebeat to filter an audit.log file for a specific error code and sent it to elasticsearch.)