On my server, I've Filebeat and Metricbeat installed by RPM.
So I have folders in /etc for each product : /etc/metricbeat & /etc/filebeat.
My question is about the log rotation : I have searched in the process definition, in the yaml configuration file, in the logrotate.conf file, in logrotate.d
I'm still not able to find how my logs files are managed/purged/rotated.
In /var/log/metricbeat (or /var/log/filebeat), I have 7 files, the currently written log file, and 6 backlogs. Each of these 6 backlogs have a size of 10M.
Could you please tell me if there is settings where I can set how the logs must be managed ?
Logging options can be customized using the following config options (e.g Filebeat). See more about the below options here: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-logging.html
# Logging to rotating files. Set logging.to_files to false to disable logging to
# Configure the path where the logs are written. The default is the logs directory
# under the home path (the binary location).
# The name of the files where the logs are written to.
# Configure log file size limit. If limit is reached, log file will be
# automatically rotated
#rotateeverybytes: 10485760 # = 10MB
# Number of rotated log files to keep. Oldest files will be deleted first.
# The permissions mask to apply when rotating log files. The default value is 0600.
# Must be a valid Unix-style file permissions mask expressed in octal notation.
# Set to true to log messages in json format.
Thank you @kvch. It is, indeed, set where you suggest for my Filebeat installation.
I'll apply the same for Metricbeat, I assume it can be done as well as for Filebeat.
Thank you again, @kvch.
I think this topic can be closed.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.