Filebeat-god is stopped

I have installed Wazuh in Docker. After the user count reached 100, Filebeat stopped.

```
service filebeat start
Failed to get D-Bus connection: Operation not permitted
Starting filebeat: 2023-12-12T13:18:58.565Z     INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2023-12-12T13:18:58.569Z        INFO    instance/beat.go:653    Beat ID: 52e54f56-c1b5-4395-9406-224ed23138e3
2023-12-12T13:18:58.570Z        INFO    [beat]  instance/beat.go:981    Beat info       {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "52e54f56-c1b5-4395-9406-224ed23138e3"}}}
2023-12-12T13:18:58.572Z        INFO    [beat]  instance/beat.go:990    Build info      {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2023-12-12T13:18:58.572Z        INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2023-12-12T13:18:58.577Z        INFO    [beat]  instance/beat.go:997    Host info       {"system_info": {"host": {"architecture":"x86_64","boot_time":"2023-12-12T12:54:54Z","containerized":true,"name":"wazuh-worker","ip":["127.0.0.1/8","172.18.0.5/16"],"kernel_version":"3.10.0-1160.el7.x86_64","mac":["02:42:ac:12:00:05"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":9,"patch":2009,"codename":"Core"},"timezone":"UTC","timezone_offset_sec":0,"id":"84f55c0a6ce22145a8d78ffa2a4c708a"}}}
2023-12-12T13:18:58.579Z        INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1578, "ppid": 1577, "seccomp": {"mode":"filter","no_new_privs":false}, "start_time": "2023-12-12T13:18:55.510Z"}}}
2023-12-12T13:18:58.580Z        INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2023-12-12T13:18:58.585Z        INFO    eslegclient/connection.go:99    elasticsearch url: https://elasticsearch:9200
2023-12-12T13:18:58.619Z        INFO    [publisher]     pipeline/module.go:113  Beat name: wazuh-worker
2023-12-12T13:18:58.636Z        INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
Config OK
                                                           [  OK  ]
```

The Filebeat test output is:

```
filebeat test output
elasticsearch: https://elasticsearch:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.18.0.7
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
```


When agents are up, logs are not coming in.
