sgoetz
(Shawn Goetz)
September 6, 2016, 7:40pm
1
I am unable to get filebeats to create a log file and log anything.
My configuration is a little different. I have the main configuration file filebeat.yml. Then I have a different config file for each type of log I'm pulling from, to make it easier to manage configs for specific logs. The main config looks like this:
filebeat:
  config_dir: /usr/local/bin/filebeats/LogConfigs/
  prospectors:
    -
output:
  console:
    pretty: true
  logstash:
    hosts: ["host server"]
    tls:
      certificate: "/path/to/cert"
      certificate_key: "/path/to/key"
      certificate_authorities: "/path/to/RootCert"
logging:
  to_files: true
  files:
    path: /var/log/filebeat
    name: filebeat.log
    rotateeverybytes: 51002
    keepfiles: 7
andrewkroh
(Andrew Kroh)
September 6, 2016, 7:49pm
2
You probably need to increase the logging level. The default is error in 1.X (changed to info in 5.X), so if there are no errors then nothing will be logged. https://www.elastic.co/guide/en/beats/filebeat/current/configuration-logging.html#_level
sgoetz
(Shawn Goetz)
September 6, 2016, 8:10pm
3
Thank you for the reply. I updated the config with level, and no difference:
filebeat:
  config_dir: /usr/local/bin/filebeats/LogConfigs/
  prospectors:
    -
output:
  console:
    pretty: true
  logstash:
    hosts: ["host server"]
    tls:
      certificate: "/path/to/cert"
      certificate_key: "/path/to/key"
      certificate_authorities: "/path/to/RootCert"
logging:
  level: debug
  to_files: true
  files:
    path: /var/log/filebeat
    name: filebeat.log
    rotateeverybytes: 51002
    keepfiles: 7
1 Like
ruflin
(ruflin)
September 8, 2016, 6:45am
4
Which filebeat version are you using? Which user do you start filebeat as, and does this user have write access to the /var/log/filebeat directory, or is it allowed to create the filebeat directory?
sgoetz
(Shawn Goetz)
September 8, 2016, 1:58pm
5
Hey ruflin,
I checked the perms and they are as follows:
/var/log/filebeat -- 644 - root:wheel
/var/log/filebeat/filebeat.log - 644 - root:wheel
To make sure it was perms, I did a chmod -R 777 /var/log/filebeat and tested again and still no logs.
This is version 1.2.3 of filebeats. Filebeats is started as root, both manually and with my launchDaemon.
Thank you for all the help so far! I have everything working except for the logging.
Shawn G
ruflin
(ruflin)
September 8, 2016, 2:46pm
6
Can you share the command you use to start filebeat manually?
sgoetz
(Shawn Goetz)
September 8, 2016, 4:04pm
7
Hey ruflin,
The command I use is:
sudo filebeat -c /usr/local/bin/filebeats/filebeat.yml -e
I have also tried:
sudo filebeat -c /usr/local/bin/filebeats/filebeat.yml -e -v -d "*"
Thanks
Shawn
ruflin
(ruflin)
September 8, 2016, 8:50pm
8
Don't use the -e flag and then it should work.
-e Log to stderr and disable syslog/file output
3 Likes
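The three causes raised in this thread (the -e flag, the default log level, and write access to the log directory) can be checked together before starting the shipper. The following is an added example, not part of the original posts and not Filebeat code; the function name `file_logging_problems` and the dict layout mirroring the `logging:` section are assumptions for illustration.

```python
import os
import shlex

# Levels at which a healthy agent produces no log lines at all.
QUIET_LEVELS = ("critical", "error")

def file_logging_problems(command, logging_cfg, major_version=1):
    """Return the reasons this invocation would leave the log file empty.

    command       -- the filebeat command line as typed
    logging_cfg   -- the `logging:` section of filebeat.yml as a dict
    major_version -- 1 for 1.X, 5 for 5.X (sets the default level)
    """
    problems = []
    args = shlex.split(command)
    # Go's flag parser accepts both -e and --e.
    if any(a in ("-e", "--e") for a in args):
        problems.append("-e: logs to stderr and disables syslog/file output")
    if logging_cfg.get("to_files") is not True:
        problems.append("logging.to_files is not set to true")
    # Defaults as stated in the thread: error in 1.X, info in 5.X.
    default_level = "error" if major_version < 5 else "info"
    level = logging_cfg.get("level", default_level)
    if level in QUIET_LEVELS:
        problems.append("level %r: nothing is logged unless an error occurs" % level)
    path = logging_cfg.get("files", {}).get("path")
    if path:
        # Walk up to the nearest existing directory: the agent needs write
        # and search permission there to create the directory or the file.
        probe = os.path.abspath(path)
        while not os.path.isdir(probe) and os.path.dirname(probe) != probe:
            probe = os.path.dirname(probe)
        if not os.access(probe, os.W_OK | os.X_OK):
            problems.append("no write/search permission on %s" % probe)
    return problems

if __name__ == "__main__":
    # Constructed sample: the command and logging section posted in the thread.
    cfg = {"level": "debug", "to_files": True,
           "files": {"path": "/var/log/filebeat", "name": "filebeat.log"}}
    cmd = 'sudo filebeat -c /usr/local/bin/filebeats/filebeat.yml -e -v -d "*"'
    for reason in file_logging_problems(cmd, cfg):
        print("no file logging:", reason)
```

The permission check reflects the user running the script, so run it as the account that starts the agent.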
sgoetz
(Shawn Goetz)
September 8, 2016, 9:46pm
9
Hey ruflin,
I can't believe I missed that. Thank you so much!!!
Shawn G
system
(system)
Closed
September 27, 2016, 7:40pm
10
This topic was automatically closed after 21 days. New replies are no longer allowed.