Filebeat installation is deleted from the file system

suresh123 · May 21, 2020, 2:48pm

Hi,

I have installed filebeat on client machine, after some hours, file beat installation is deleted and saved as filebeat.rmv file and modules.d/ remained.

I have installed it through yum

Can someone please look into this

Regards,
Suresh

Christian_Dahlqvist · May 22, 2020, 4:16am

Sounds like you might have some security or anti-virus software running.

suresh123 · May 22, 2020, 6:18am

I got below output from /var/log/messages

May 22 00:59:43 hostname filebeat: 2020-05-22T00:59:43.588Z#011INFO#011log/harvester.go:297#011Harvester started for file: my.log
May 22 01:00:07 hostname filebeat: 2020-05-22T01:00:07.900Z#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":162450,"time":{"ms":56}},"total":{"ticks":471540,"time":{"ms":233},"value":471540},"user":{"ticks":309090,"time":{"ms":177}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":17},"info":{"ephemeral_id":"531bd79c-a392-435c-b92d-739cc4c5eeec","uptime":{"ms":60270288}},"memstats":{"gc_next":14485136,"memory_alloc":11934040,"memory_total":68453446152},"runtime":{"goroutines":65}},"filebeat":{"events":{"added":1303,"done":1303},"harvester":{"files":{"1d5670a2-491f-4105-896e-4952a6bfa25d":{"last_event_published_time":"2020-05-22T01:00:07.707Z","last_event_timestamp":"2020-05-22T01:00:07.707Z","read_offset":1014,"size":1015},"2172bf47-ea33-467f-8f99-0344fc826a05":{"last_event_published_time":"2020-05-22T01:00:02.851Z","last_event_timestamp":"2020-05-22T01:00:02.851Z","read_offset":11676,"size":11674},"36b2eace-86eb-49c8-9669-cf3f47ea874c":{"last_event_published_time":"2020-05-22T01:00:02.602Z","last_event_timestamp":"2020-05-22T01:00:02.602Z","name":app1.log","read_offset":65781,"size":7125,"start_time":"2020-05-22T00:59:43.588Z"},"57c63cd2-3302-4116-b626-31a7dddc7d4f":{"last_event_published_time":"2020-05-22T01:00:07.012Z","last_event_timestamp":"2020-05-22T01:00:07.011Z","read_offset":13182,"size":13182},"9812f5bb-0732-4409-b123-4fa20639a994":{"last_event_published_time":"2020-05-22T00:59:39.597Z","last_event_timestamp":"2020-05-22T00:59:39.597Z","read_offset":22203,"size":80861},"b1f3f7f3-1a8f-435a-89d5-e797f0280259":{"last_event_published_time":"2020-05-22T00:59:57.167Z","last_event_timestamp":"2020-05-22T00:59:57.167Z","read_offset":24193,"size":24194},"f1a861b7-39be-4389-b54a-53473deae422":{"last_event_published_time":"2020-05-22T01:00:02.274Z","last_event_timestamp":"2020-05-22T01:00:02.274Z","read_offset":1206,"size":1206}},"open_files":7,"running":7,"started":1}},"libbeat":{"config":{"module":{"running":0},"scans":3},"output":{"events":{"acked":1302,"batches":13,"total":1302},"read":{"bytes":78},"write":{"bytes":114157}},"pipeline":{"clients":2,"events":{"active":1,"filtered":1,"published":1302,"total":1303},"queue":{"acked":1302}}},"registrar":{"states":{"current":18,"update":1303},"writes":{"success":14,"total":14}},"system":{"load":{"1":0.19,"15":0.02,"5":0.07,"norm":{"1":0.0238,"15":0.0025,"5":0.0088}}}}}}
May 22 01:00:08 hostname ansible-systemd: Invoked with no_block=False force=None name=filebeat daemon_reexec=False enabled=None daemon_reload=False state=stopped masked=None scope=None user=None
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011beater/filebeat.go:449#011Stopping filebeat
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011beater/crawler.go:138#011Stopping Crawler
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011beater/crawler.go:148#011Stopping 2 inputs
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011cfgfile/reload.go:201#011Dynamic config reloader stopped
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011input/input.go:149#011input ticker stopped
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011input/input.go:167#011Stopping Input: 12291032958824686943
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011input/input.go:149#011input ticker stopped
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011input/input.go:167#011Stopping Input: 1302838674391881059
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: /var/log/nginx/access_debug_server.log. Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: /var/log/nginx/access.log. Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: app.log. Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: app1.log. Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: /app2.log. Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: app1.log Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.789Z#011INFO#011log/harvester.go:320#011Reader was closed: app3.log. Closing.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.790Z#011INFO#011beater/crawler.go:164#011Crawler stopped
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.790Z#011INFO#011registrar/registrar.go:367#011Stopping Registrar
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.790Z#011INFO#011registrar/registrar.go:293#011Ending Registrar
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.796Z#011INFO#011[monitoring]#011log/log.go:153#011Total non-zero metrics#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":162450,"time":{"ms":162455}},"total":{"ticks":471560,"time":{"ms":471566},"value":471560},"user":{"ticks":309110,"time":{"ms":309111}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":10},"info":{"ephemeral_id":"531bd79c-a392-435c-b92d-739cc4c5eeec","uptime":{"ms":60271184}},"memstats":{"gc_next":15413760,"memory_alloc":7781592,"memory_total":68455815264,"rss":100941824},"runtime":{"goroutines":14}},"filebeat":{"events":{"added":2515993,"done":2515993},"harvester":{"closed":95,"open_files":0,"running":0,"started":95}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":6026},"output":{"events":{"acked":2515782,"batches":21906,"failed":362,"total":2516144},"read":{"bytes":131592},"type":"logstash","write":{"bytes":219188745,"errors":3}},"pipeline":{"clients":0,"events":{"active":0,"filtered":211,"published":2515782,"retry":2562,"total":2515993},"queue":{"acked":2515782}}},"registrar":{"states":{"cleanup":25,"current":18,"update":2515993},"writes":{"success":22025,"total":22025}},"system":{"cpu":{"cores":8},"load":{"1":0.19,"15":0.02,"5":0.07,"norm":{"1":0.0238,"15":0.0025,"5":0.0088}}}}}}
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.796Z#011INFO#011[monitoring]#011log/log.go:154#011Uptime: 16h44m31.185857578s
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.796Z#011INFO#011[monitoring]#011log/log.go:131#011Stopping metrics logging.
May 22 01:00:08 hostname filebeat: 2020-05-22T01:00:08.796Z#011INFO#011instance/beat.go:444#011filebeat stopped.
May 22 01:00:09 hostname ansible-yum: Invoked with lock_timeout=30 update_cache=False disable_excludes=None exclude= allow_downgrade=False disable_gpg_check=False conf_file=None use_backend=auto state=absent disablerepo= releasever=None skip_broken=False autoremove=False download_dir=None enable_plugin= installroot=/ install_weak_deps=True name=['filebeat'] download_only=False bugfix=False list=None install_repoquery=True update_only=False disable_plugin= enablerepo= security=False validate_certs=True
May 22 01:00:27 hostname yum[31410]: Erased: filebeat-7.7.0-1.x86_64

suresh123 · May 22, 2020, 4:39pm

External script was removed filebeat.

Issue resolved we can close the thread

system · June 19, 2020, 4:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.