Hope someone had this issue before.
Looks like my /var/log/messages is getting really high since we have configured filebeat.
The disk space is getting lower and almost 95% of this.
How can I make sure that old log messages are being deleted?
```
[root@srvde432 log]# pwd
/var/log
[root@srvde432 log]# ls -lh | grep messages
-rw-------. 1 root root 24G Jul 29 15:51 messages
-rw-------. 1 root root 1.4G Feb 6 03:39 messages-20220206
```
This will make filebeat log to a file named filebeat inside of /var/log/filebeat, and keep the last 7 log files; it will stop logging to /var/log/messages.
Thanks for the response.
Actually it's not filebeat that is filling up the /var/log/messages file. It's logstash which is filling it up.
```
Aug 4 13:36:18 srvde432 logstash: "country_code2" => "
Aug 4 13:36:18 srvde432 logstash: "continent_code" => "
Aug 4 13:36:18 srvde432 logstash: "city_name" => "
Aug 4 13:36:18 srvde432 logstash: "longitude" =>
Aug 4 13:36:18 srvde432 logstash: "region_code" => "
Aug 4 13:36:18 srvde432 logstash: "country_code3" =>
Aug 4 13:36:18 srvde432 logstash: "timezone" =>
Aug 4 13:36:18 srvde432 logstash: "country_name" =>
Aug 4 13:36:18 srvde432 logstash: "postal_code" => "
Aug 4 13:36:18 srvde432 logstash:
```
I tried to comment out these options inside the logstash log4.properties file:
```
rootLogger.appenderRef.console.ref = ${sys:ls.log.format}_console
logger.slowlog.appenderRef.console_slowlog.ref = ${sys:ls.log.format}_console_slowlog
```
and restarted the system; still no use, it keeps on logging.
I also tried to rename the file to messagesold, created a new file and restarted the service.
That did not work either; it is still logging to /var/log/messagesold (even after renaming it, logstash is still sending it to that file).
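
Why the rename described in the last post changed nothing, as an added example that is not part of the original thread: a process that already has a log file open keeps writing to the same inode after `mv`, so disk space comes back only when the file is truncated in place or the writer reopens the path. Everything runs in a constructed temp directory, and file descriptor 3 stands in for the long-running writer (an assumption; the thread does not show which process holds /var/log/messages open).

```shell
#!/bin/sh
# Constructed demo: works only inside a temp directory, never touches /var/log.
demo_rename_vs_truncate() {
    dir=$(mktemp -d) || return 1
    log="$dir/messages"

    # The "writer": fd 3 stays open in append mode, like a long-running daemon.
    exec 3>>"$log"
    echo "line 1" >&3

    # What the post tried: rename the file and create a fresh one.
    mv "$log" "$dir/messagesold"
    : > "$log"
    echo "line 2" >&3              # lands in messagesold: same inode, new name

    old_lines=$(wc -l < "$dir/messagesold" | tr -d ' ')
    new_lines=$(wc -l < "$log" | tr -d ' ')

    # Truncating in place frees the space while the writer keeps its descriptor.
    : > "$dir/messagesold"
    echo "line 3" >&3              # append mode, so it lands at the new end of file
    after_truncate=$(wc -l < "$dir/messagesold" | tr -d ' ')

    # Only when the writer closes and reopens the path does it reach the new file.
    exec 3>&-
    exec 3>>"$log"
    echo "line 4" >&3
    exec 3>&-
    after_reopen=$(wc -l < "$log" | tr -d ' ')

    rm -rf "$dir"
    # Fields: lines in renamed file, lines in new file,
    #         renamed file after truncate, new file after reopen
    echo "$old_lines $new_lines $after_truncate $after_reopen"
}

demo_rename_vs_truncate
```

logrotate's `copytruncate` directive applies the truncate-in-place variant; without it, rotation depends on the writer being told to reopen its log file.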