I've enabled the system module, enabled syslog and auth in system.yml. Yet for some reason I still get this error:

    $ sudo filebeat setup --pipelines --modules system
    Exiting: module system is configured but has no enabled filesets

What else must I do, what am I missing?!
This is a Filebeat install on an Ubuntu 20.04 Logstash node; Elasticsearch and Kibana reside on separate servers.

    $ filebeat version
    filebeat version 8.2.3 (amd64), libbeat 8.2.3 [7826dc5e91c6e6d2487e05d3a8298f49041cd5c2 built 2022-06-08 15:51:35 +0000 UTC]

system.yml, I tried to set the paths, it made no difference:

    # Module: system
    # Docs: https://www.elastic.co/guide/en/beats/filebeat/8.2/filebeat-module-system.html
    - module: system
      # Syslog
      syslog:
        enabled: true
        # Set custom paths for the log files. If left empty,
        # Filebeat will choose the paths depending on your OS.
        #var.paths: ["/path/to/log/syslog*"]
      # Authorization logs
      auth:
        enabled: true
        # Set custom paths for the log files. If left empty,
        # Filebeat will choose the paths depending on your OS.
        #var.paths: ["/path/to/log/auth.log*"]

filebeat.yml, set filebeat.inputs.enabled to true, which made no difference either:

    [...]
    # ============================== Filebeat inputs ===============================
    filebeat.inputs:
    # Each - is an input. Most options can be set at the input level, so
    # you can use different inputs for various configurations.
    # Below are the input specific configurations.
    # filestream is an input for collecting log messages from files.
    - type: filestream
      # Unique ID among all inputs, an ID is required.
      id: my-filestream-id
      # Change to true to enable this input configuration.
      enabled: true
      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        - /var/log/*.log
        #- c:\programdata\elasticsearch\logs\*
      # Exclude lines. A list of regular expressions to match. It drops the lines that are
      # matching any regular expression from the list.
      #exclude_lines: ['^DBG']
      # Include lines. A list of regular expressions to match. It exports the lines that are
      # matching any regular expression from the list.
      #include_lines: ['^ERR', '^WARN']
      # Exclude files. A list of regular expressions to match. Filebeat drops the files that
      # are matching any regular expression from the list. By default, no files are dropped.
      #prospector.scanner.exclude_files: ['.gz$']
      # Optional additional fields. These fields can be freely picked
      # to add additional information to the crawled log files for filtering
      #fields:
      #  level: debug
      #  review: 1
    [...]