I'm trying to set up filebeat on Ubuntu, to send system log data to Logstash. I am having issues setting up the "filebeat system" module.
Upon running:
sudo filebeat setup --pipelines --modules system
I receive the error message
Exiting: module system is configured but has no enabled filesets
I know this has to do with the modules.d/system.yml config but nothing I do seems to work. This is on an Ubuntu 22.04 VM running in Azure. I confirmed the same issue on 20.04. From creating the VM in Azure, here are the exact steps taken upon first login:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update
sudo apt-get install filebeat -y
sudo filebeat modules enable system
sudo vim /etc/filebeat/modules.d/system.yml
At this point I edit the system.yml file so that it reads as follows:
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.3/filebeat-module-system.html
- module: system
# Syslog
syslog:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
# Authorization logs
auth:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
Then when I run:
sudo filebeat setup --pipelines --modules system
I receive the error
Exiting: module system is configured but has no enabled filesets
This appears to be the same issue as mentioned in the closed topic located at:
That one didn't get any replies but I'm also having the issue so I'll post again. Thanks very much to anyone with any insight for me!
I think the docs may be a bit out of date as I don't think you need to specify the modules list any more.