Filebeat doesn't send data when executed as daemon

I've installed filebeat in an Amazon Linux and changed the /etc/init.d/filebeat to run as a non root user called "filebeat-usr". I also changed ownership of all filebeat files to "filebeat-usr".
When I do sudo su filebeat-usr and then "filebeat -e", filebeat sends data to my ElasticSearch cluster successfully. But when I run sudo service filebeat start from a sudoer user, the service starts up nice, but it's not able to send nothing to ElasticSearch.

I was having this problem: " ERROR log/input.go:209 input state for /home/someuser/applog.log was not removed: stat /home/someuser/applog.log: permission denied". Which is weird, because I was able to run stat on this file while logged as filebeat-usr. Anyway, I removed the registry file in /var/lib/ and this error message is not appearing anymore, unfortunately no data is coming to ES cluster.

Does any one knows what it could be?

I was able to figure out what it was. The logs were owned by other user, and although I had placed the filebeat user within the same group of the log producer user, and the group had read permission on the logs, I still needed to add a parameter in filebeat-god script. So, to fix this I edit the /etc/init.d/filebeat init script and added to wrapperopts variable the parameter -g $beat_group, where $beat_group is my unix user group.

#group that can read the log files

[ "$beat_user" != "root" ] && wrapperopts="$wrapperopts -u $beat_user -g $beat_group"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.