Filebeat - apport.log: permission denied

Stud21 · February 2, 2021, 9:53pm

Hi,
I'm trying to configure and run Filebeat for one of the training topics related to Lab 4.2: Extracting Events and am getting the below error:
2021-02-02T21:46:53.121Z ERROR log/input.go:519 Harvester could not be started on new file: /var/log/apport.log, Err: error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /var/log/apport.log: open /var/log/apport.log: permission denied

Please assist

Rich_Raposa · February 10, 2021, 4:28am

I see a couple of issues:

The lab does not ask you to extract events from a file named /var/log/apport.log
If you do have that file on your system, the elastic user that is starting Filebeat does not have access to it, as stated in the error message

What step are you on in that lab?

system · March 12, 2021, 4:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Harvester could not be started on new file - access is denied Beats filebeat	3	5445	May 25, 2018
Filebeats not able to publish events to Logstash Beats filebeat	6	3409	May 23, 2017
Filebeat Docker Container can't read host log files due to permissions Beats filebeat	5	7910	January 9, 2018
Filebeat : harvester setup failed: unexpected file opening error Beats filebeat	2	846	June 10, 2019
Dissect not parsing Logstash	1	567	January 9, 2020

Filebeat - apport.log: permission denied

Related topics