I'm trying to get the Filebeat service to log to /var/log/filebeat.log on Centos 7. I added the following to the config:
logging.level: debug logging.to_files: true logging.files: path: /var/log/filebeat name: filebeat keepfiles: 7 permissions: 0644
Logs are still going to /var/log/messages and are not going to /var/log/filebeat. The file isn't even being created - even though the process is running as root. Selinux is set to permissive. How can I get Filebeat to log correctly?