Version: 5.4.1
We have a problem that Filebeat keeps audit log file locked after log rotation.
Restarting Filebeat is workaround to the issue.
Question is can we use close_timeout with this module or is there some equivalent system?
close_* options are effective in case of modules, not only inputs. close_timeout would be a good choice to close files after log rotation.
Example configuration:
filebeat.modules
- module: auditd
log:
enabled: true
prospector:
close_timeout: 5m
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.