good day, everyone, thank you in advance for the collaboration.
I have installed a filebeat agent on a Linux Debian server and it does not send data through the network.
I have verified the configuration and did not identify any problem:
Version
filebeat-6.6.1
configuration
- type: log
- /var/log/.log
output.elasticsearch:
hosts: ["IP:9200"]
logging.level: info
logging.selectors: [""]
The Filebeat logs are:
2019-03-01T15:47:13.569-0500 INFO [monitoring] log/log.go:153 Uptime: 5m59.711455611s
2019-03-01T15:47:13.569-0500 INFO [monitoring] log/log.go:130 Stopping metrics logging.
2019-03-01T15:47:13.569-0500 INFO instance/beat.go:413 filebeat stopped.
tail: '/var/log/filebeat/filebeat' has become inaccessible: No such file or directory
tail: '/var/log/filebeat/filebeat' has appeared; following new file
2019-03-01T15:47:13.606-0500 INFO instance/beat.go:616 Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2019-03-01T15:47:13.607-0500 INFO instance/beat.go:623 Beat UUID: 6f8b4eeb-8bac-4e6f-94d6-6627247804fb
2019-03-01T15:47:13.610-0500 INFO [seccomp] seccomp/seccomp.go:116 Syscall filter successfully installed
2019-03-01T15:47:13.610-0500 INFO [beat] instance/beat.go:936 Beat info {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "6f8b4eeb-8bac-4e6f-94d6-6627247804fb"}}}
2019-03-01T15:47:13.610-0500 INFO [beat] instance/beat.go:945 Build info {"system_info": {"build": {"commit": "928f5e3f35fe28c1bd73513ff1cc89406eb212a6", "libbeat": "6.6.1", "time": "2019-02-13T16:12:26.000Z", "version": "6.6.1"}}}
2019-03-01T15:47:13.610-0500 INFO [beat] instance/beat.go:948 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.10.8"}}}
2019-03-01T15:47:13.611-0500 INFO [beat] instance/beat.go:952 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2018-09-03T17:32:42-05:00","containerized":false,"name":"SERVER","ip":["127.0.0.1/8","::1/128","IP/27","fe80::20c:29ff:fe14:36f5/64"],"kernel_version":"4.15.0-33-generic","mac":["00:0c:29:14:36:f5"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"18.04.1 LTS (Bionic Beaver)","major":18,"minor":4,"patch":1,"codename":"bionic"},"timezone":"-05","timezone_offset_sec":-18000,"id":"f40db32da305468a83528795f015bf7f"}}}
2019-03-01T15:47:13.613-0500 INFO [beat] instance/beat.go:981 Process info {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"ambient":null}, "cwd": "/", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 5720, "ppid": 1, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2019-03-01T15:47:13.110-0500"}}}
2019-03-01T15:47:13.613-0500 INFO instance/beat.go:281 Setup Beat: filebeat; Version: 6.6.1
2019-03-01T15:47:16.615-0500 INFO add_cloud_metadata/add_cloud_metadata.go:319 add_cloud_metadata: hosting provider type not detected.
2019-03-01T15:47:16.616-0500 INFO elasticsearch/client.go:165 Elasticsearch url: http://IP:9200
2019-03-01T15:47:16.616-0500 INFO [publisher] pipeline/module.go:110 Beat name: SERVER
2019-03-01T15:47:16.617-0500 INFO [monitoring] log/log.go:117 Starting metrics logging every 30s
2019-03-01T15:47:16.617-0500 INFO instance/beat.go:403 filebeat start running.
2019-03-01T15:47:16.618-0500 INFO registrar/registrar.go:134 Loading registrar data from /var/lib/filebeat/registry
2019-03-01T15:47:16.618-0500 INFO registrar/registrar.go:141 States Loaded from registrar: 0
2019-03-01T15:47:16.618-0500 INFO crawler/crawler.go:72 Loading Inputs: 1
2019-03-01T15:47:16.618-0500 INFO crawler/crawler.go:106 Loading and starting Inputs completed. Enabled inputs: 0
2019-03-01T15:47:16.618-0500 INFO cfgfile/reload.go:150 Config reloader started
2019-03-01T15:47:16.619-0500 INFO cfgfile/reload.go:205 Loading of config files completed.
2019-03-01T15:47:46.619-0500 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":10,"time":{"ms":12}},"total":{"ticks":20,"time":{"ms":28},"value":0},"user":{"ticks":10,"time":{"ms":16}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"4e8e11e0-d077-47f2-abaa-81f842928fc1","uptime":{"ms":33027}},"memstats":
I have made network captures and do not see any request for sending, but from what I see the agent if you see data.