Hello,
I have installed in a Centos, Wazuh Manager+ Filebeat and the latter seems to work fine but after a while the filebeat.service suddenly stops working.
systemctl status filebeat.service shows:
× filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2022-02-16 16:18:01 CET; 37s ago
Docs: https://www.elastic.co/products/beats/filebeat
Process: 3236 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BE>
Main PID: 3236 (code=exited, status=2)
CPU: 47ms
feb 16 16:18:01 localhost.localdomain filebeat[3236]: rip 0x7f99eec3f43c
feb 16 16:18:01 localhost.localdomain filebeat[3236]: rflags 0x246
feb 16 16:18:01 localhost.localdomain filebeat[3236]: cs 0x33
feb 16 16:18:01 localhost.localdomain filebeat[3236]: fs 0x0
feb 16 16:18:01 localhost.localdomain filebeat[3236]: gs 0x0
feb 16 16:18:01 localhost.localdomain systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 7.
feb 16 16:18:01 localhost.localdomain systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticse>
feb 16 16:18:01 localhost.localdomain systemd[1]: filebeat.service: Start request repeated too quickly.
feb 16 16:18:01 localhost.localdomain systemd[1]: filebeat.service: Failed with result 'exit-code'.
feb 16 16:18:01 localhost.localdomain systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to E
If I manually start the service again, filebeat status is UP and seems to work fine but after a few minutes it goes down again. I have reinstalled the whole server and same result, I don't know where to look so any help would be much appreciated.
Thank you ver much
