Filebeat is not logging anything


(Shawn Goetz) #1

I am unable to get filebeats to create a log file and log anything.

My Configuration is a little different. I have the main configuration file filebeat.yml. Than I have a different config file for each type of log im pulling from. To make it easier to manage configs for specific logs. The main config looks like this:

filebeat:
     config_dir: /usr/local/bin/filebeats/LogConfigs/
     prospectors:
        -
output:
    console:
        pretty: true
    logstash:
       hosts: ["host server"
       tls: 
          certificate: "/path/to/cert"
          certificate_key: "/path/to/key"
          certificate_authorities: "/path/to/RootCert"
logging:
     to_files: true
     files:
        path: /var/log/filebeat
        name: filebeat.log
        rotateeverybytes: 51002
        keepfiles: 7

(Andrew Kroh) #2

You probably need to increase the logging level. The default is error in 1.X (changed to info in 5.X), so if there are no errors then nothing will be logged. https://www.elastic.co/guide/en/beats/filebeat/current/configuration-logging.html#_level


(Shawn Goetz) #3

Thank you for the reply. I updated the config with level. And no difference:

filebeat:
     config_dir: /usr/local/bin/filebeats/LogConfigs/
     prospectors:
        -
output:
    console:
        pretty: true
    logstash:
       hosts: ["host server"
       tls: 
          certificate: "/path/to/cert"
          certificate_key: "/path/to/key"
          certificate_authorities: "/path/to/RootCert"
logging:
     level: debug
     to_files: true
     files:
        path: /var/log/filebeat
        name: filebeat.log
        rotateeverybytes: 51002
        keepfiles: 7

(ruflin) #4

Which filebeat version are you using? What is the user you start filebeat and does this user have write access to the /var/log/filebeat directory or is allowed to create the filebeat directory?


(Shawn Goetz) #5

Hey ruffin,

  I check the perms and they are as follows:

/var/log/filebeat -- 644 - root:wheel
/var/log/filebeat/filebeat.log - 644 - root:wheel

 To make sure it was perms, I did a chmod -R 777 /var/log/filebeat  and tested again and still no logs. 

This is version 1.2.3. of filebeats. Filebeats is started as root. Both manually and with my launchDaemon.

Thank you for all the help so far! I have everything working except for hte logging.

Shawn G


(ruflin) #6

Can you share the command you use to start filebeat manually?


(Shawn Goetz) #7

Hey ruffin,

The command I use is:

sudo filebeat -c /usr/local/bin/filebeats/filebeat.yml -e

I have also tried:

sudo filebeat -c /usr/local/bin/filebeats/filebeat.yml -e -v -d "*"

Thanks

Shawn


(ruflin) #8

Don't use the -e flag and then it should work.

  -e   	Log to stderr and disable syslog/file output

(Shawn Goetz) #9

Hey Ruffin,

 I can't believe I missed that. Thank you so much!!!

Shawn G


(system) #10

This topic was automatically closed after 21 days. New replies are no longer allowed.