Filebeat events in syslogs

Hi,
We have one server in production where filebeat is running.

I just saw there are following messages in /var/log/messages
Where is the configuration which tells such failure messages to go in syslog?

Aug  1 10:58:34 rssapp0 rsyslogd-2177: imuxsock lost 816 messages from pid 40716 due to rate-limiting
Aug  1 10:58:34 rssapp0 rsyslogd-2177: imuxsock begins to drop messages from pid 40716 due to rate-limiting
Aug  1 10:58:40 rssapp0 rsyslogd-2177: imuxsock lost 907 messages from pid 40716 due to rate-limiting

Aug  1 10:39:34 rssapp0 /usr/bin/filebeat[40716]: single.go:159: backoff retry: 1s
Aug  1 10:41:23 rssapp0 /usr/bin/filebeat[40716]: publish.go:104: Events sent: 2048
Aug  1 10:44:52 rssapp0 /usr/bin/filebeat[40716]: publish.go:104: Events sent: 2048
Aug  1 10:44:52 rssapp0 /usr/bin/filebeat[40716]: registrar.go:157: Registry file updated. 1 states written.
Aug  1 10:45:16 rssapp0 /usr/bin/filebeat[40716]: publish.go:104: Events sent: 2048
Aug  1 10:45:16 rssapp0 /usr/bin/filebeat[40716]: registrar.go:157: Registry file updated. 1 states written.

please guide on this.

Br,
Sunil.

Hi sunil,
There is a logging option in filebeat config file, which you can modify. Probably you left it for default and that's why its logging to syslog, You can use following config to change it some custom file.

 logging:

    to_syslog: false
    to_files: true
    files:
      path: /sc/log
      name: filebeat.log
      rotateeverybytes: 10485760
      keepfiles: 7
      level: debug

Thanks a ton!
That works!

This topic was automatically closed after 21 days. New replies are no longer allowed.