Logs are still going to /var/log/messages and are not going to /var/log/filebeat. The file isn't even being created, even though the process is running as root. SELinux is set to permissive. How can I get Filebeat to log correctly?
Hi Kenneth, thanks for reaching out about filebeat on CentOS 7. Your configuration looks like what is recommended here.
After you saved the config, did you restart filebeat?
systemctl stop filebeat
systemctl start filebeat
There's also the following note. I've seen cases where logs get stored only in journald. You may want to run journalctl -u filebeat.service to see if the logs are getting stored in journald.
When Filebeat is running on a Linux system with systemd, it uses by default the -e command line option, that makes it write all the logging output to stderr so it can be captured by journald. Other outputs are disabled.