Filebeat events in syslog despite setting to_syslog: false

Elastic Stack Beats
1

Hi all,

Currently, one of my servers running filebeat is dumping debug level messages to /var/log/messages despite the filebeat.yml stating to not log events to syslog.

Here is my configuration:

logging:
  to_syslog: false
  to_files: true
  files:
    path: /var/log/filebeat
    name: mybeat
    rotateeverybytes: 10485760 # = 10MB
    keepfiles: 7
  level: debug

I have other servers running with the same configuration which are not dumping entries to /var/log/messages.
The only big difference (which seems unlikely to be the issue) is that the server with the issue is running on CentOS, while others are running on RHEL.

Here is the /var/log/messages tailed:

[root]# tail /var/log/messages
Sep 19 04:50:06 filebeat: "count": 1,
Sep 19 04:50:06 filebeat: "input_type": "log",
Sep 19 04:50:06 filebeat: "message": "Sep 19 04:50:01 health_checker.py: main - INFO - {
Sep 19 04:50:06 filebeat: "offset": 16895751,
Sep 19 04:50:06 filebeat: "source": "/var/log/health/health.log",
Sep 19 04:50:06 filebeat: "tags": "health",
Sep 19 04:50:06 filebeat: "type": "log"
Sep 19 04:50:06 filebeat: }

Does anyone have experienced similar issues ?

Thank you for the support.

2

Can you share some details on how you installed and started filebeat on CentOS / RHEL?

3

Hi @ruflin, firstly thank you for your response.

On both, filebeat was installed through ansible automation with the following task:

yum: name=/var/tmp/filebeat.rpm state=present

Thank you.

4

Closing the thread, the issue was by the fact that CentOS was automatically forwarding stdout messages to /var/log/messages.
So to solve issue in my case the console output of filebeat was commented.

Thank you.

5

Thank your for sharing the solution.

6

This topic was automatically closed after 21 days. New replies are no longer allowed.