Not sure if you have altered your logs here for security but it seems it is checking for /var/log/mylogfile
.
Typically /var/log
is owned by root and a non-root user won't be able to create files under /var/log
. In my experience filebeat will rotate the logs and create a new filebeat log file with every restart. So you need to make sure that the filebeat user has write permissions to the log directory. Creating a directory /var/log/filebeat
and having that directory be owned by filebeat should do the trick if this is the issue.
I run my filebeat with non-root user under RHEL with no issues. I am not using RPM deployment though. The way I accomplish it is by making sure the service start script runs as the non-root user so the start command
ExecStart=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml -d '*'
will get triggered by the non-root user and it all works fine.
Here is the checkuser
function of my service start shell script:
RUN_AS="filebeat"
# if this script is not yet running as the right user use su to run it again as the correct user
# This will prevent output files from being created with wrong user ownership
checkuser() {
# Check to see if we are running as the right user. Else switch, and re-exec
if test `/usr/bin/id -un` = $RUN_AS; then
#echo $0 --- Already running as correct user $RUN_AS
:
elif test `/usr/bin/id -un` = "root"; then
echo "$0 --- Running as `/usr/bin/id -un`. Re-exec to run as $RUN_AS"
exec /bin/su - $RUN_AS -c "$0 $ARGS"
exit 0
else
echo "Only root or $RUN_AS can start $EXECUTABLE"
exit 1
fi
}
...
ARGS=$*;
case $1 in
'start')
checkuser
for CONFIG in "${config_list[@]}"; do
startproc
done
;;
...