Filebeat system pipeline setup fails

dmgeurts · June 22, 2022, 11:30am

I've enabled the system module, enabled syslog and auth in system.yml. Yet for some reason I still get this error:

$ sudo filebeat setup --pipelines --modules system
Exiting: module system is configured but has no enabled filesets

What else must I do, what am I missing?!

This is a Filebeat install on a Ubuntu 20.04 Logstash node, Elasticsearch and Kibana reside on separate servers.

$ filebeat version
filebeat version 8.2.3 (amd64), libbeat 8.2.3 [7826dc5e91c6e6d2487e05d3a8298f49041cd5c2 built 2022-06-08 15:51:35 +0000 UTC]

system.yml, I tried to set the paths, it made no difference:

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.2/filebeat-module-system.html

- module: system
  # Syslog
  syslog:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: ["/path/to/log/syslog*"]

  # Authorization logs
  auth:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: ["/path/to/log/auth.log*"]

filebeat.yml, set filebeat.inputs.enabled to true, which made no difference either:

[...]
# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

# filestream is an input for collecting log messages from files.
- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  #exclude_lines: ['^DBG']

  # Include lines. A list of regular expressions to match. It exports the lines that are
  # matching any regular expression from the list.
  #include_lines: ['^ERR', '^WARN']

  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
  # are matching any regular expression from the list. By default, no files are dropped.
  #prospector.scanner.exclude_files: ['.gz$']

  # Optional additional fields. These fields can be freely picked
  # to add additional information to the crawled log files for filtering
  #fields:
  #  level: debug
  #  review: 1
[...]

system · July 20, 2022, 1:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat setup: "Exiting: module system is configured but has no enabled filesets" Beats filebeat	3	10014	September 5, 2022
Create pipeline for module Beats filebeat	3	264	December 16, 2020
Filebeat 7.0.1 system module setup (with logstash) no system fields in document Beats filebeat	1	483	June 7, 2019
Error using oracle module Beats filebeat	1	386	July 7, 2021
Filebeat's System Module not parsing "message" in syslogs Beats filebeat	1	946	June 16, 2020

Filebeat system pipeline setup fails

Related topics