Filebeat Docker Container can't read host log files due to permissions

claflico · December 10, 2017, 3:35am

Trying to setup an ELK:6.0.1 stack and *beat:6.0.1 via CentOS 7, Docker 17.09, & Rancher 1.6.12 for a presentation I'm giving this week at a DevOps MeetUp. Am trying to set everything up without having to create custom images or mounting custom config files like I usually have to.

Using the following guides:

https://www.elastic.co/guide/en/beats/filebeat/6.0/running-on-docker.html
https://www.elastic.co/guide/en/beats/filebeat/6.0/configuration-filebeat-modules.html

My docker-compose section:
filebeat:
image: docker.elastic.co/beats/filebeat:6.0.1
environment:
output.logstash.hosts: '["logstash:5044"]'
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/log:/mnt/log:ro
command:
- -e
- --modules
- system
labels:
io.rancher.container.hostname_override: container_name
io.rancher.container.pull_image: always
io.rancher.scheduler.global: 'true'

From the containers default prospector file:

input_type: log
paths:
- /mnt/log/*.log

When I look at the container logs I'm seeing:
12/9/2017 6:33:19 PM2017/12/10 00:33:19.608840 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/boot.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/boot.log: open /mnt/log/boot.log: permission denied
12/9/2017 6:33:19 PM2017/12/10 00:33:19.608958 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/yum.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/yum.log: open /mnt/log/yum.log: permission denied
12/9/2017 6:33:29 PM2017/12/10 00:33:29.609752 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/boot.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/boot.log: open /mnt/log/boot.log: permission denied
12/9/2017 6:33:29 PM2017/12/10 00:33:29.609887 prospector.go:426: ERR Harvester could not be started on new file: /mnt/log/yum.log, Err: Error setting up harvester: Harvester setup failed. Unexpected file opening error: Failed opening /mnt/log/yum.log: open /mnt/log/yum.log: permission denied

Without rebuilding the filebeat image and setting the user to root how can I give the container access to the log files owned by root? I've already set the container to privileged mode in Rancher and that didn't help.

exekias · December 11, 2017, 3:10pm

That's a good approach

So far I've been setting user to root, when using plain Docker you can use --user flag. How are you launching it with Rancher?, probably it has a similar parameter you can pass.

Best regards

exekias · December 11, 2017, 3:25pm

Sorry, I just saw you are using docker-compose, just pass the user: root field

claflico · December 11, 2017, 3:46pm

Ok, thanks...i'll try adding that.

claflico · December 12, 2017, 4:07pm

That worked...thanks again.

system · January 9, 2018, 4:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat dashboard creation via Docker errors on Kibana host Beats filebeat	4	1989	January 8, 2018
ELK no read logs from docker containers Beats filebeat	2	403	June 25, 2019
Couldn't Harvest log file from Docker Beats docker , filebeat	1	197	April 22, 2022
FileBeat harvester doesn't work on the defined path with 777 permission Beats docker , filebeat	2	339	November 3, 2020
Filebeat Harvester not being started for files Beats filebeat	1	379	May 18, 2021

Filebeat Docker Container can't read host log files due to permissions

Related topics