I've enabled the system module, enabled syslog and auth in system.yml. Yet for some reason I still get this error:
```
$ sudo filebeat setup --pipelines --modules system
Exiting: module system is configured but has no enabled filesets
```
What else must I do, what am I missing?!
This is a Filebeat install on an Ubuntu 20.04 Logstash node; Elasticsearch and Kibana reside on separate servers.
```
$ filebeat version
filebeat version 8.2.3 (amd64), libbeat 8.2.3 [7826dc5e91c6e6d2487e05d3a8298f49041cd5c2 built 2022-06-08 15:51:35 +0000 UTC]
```
system.yml, I tried to set the paths, it made no difference:
```yaml
# Module: system
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.2/filebeat-module-system.html

- module: system
  # Syslog
  syslog:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: ["/path/to/log/syslog*"]

  # Authorization logs
  auth:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: ["/path/to/log/auth.log*"]
```
filebeat.yml, set filebeat.inputs.enabled to true, which made no difference either:
```yaml
[...]
# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

# filestream is an input for collecting log messages from files.
- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  #exclude_lines: ['^DBG']

  # Include lines. A list of regular expressions to match. It exports the lines that are
  # matching any regular expression from the list.
  #include_lines: ['^ERR', '^WARN']

  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
  # are matching any regular expression from the list. By default, no files are dropped.
  #prospector.scanner.exclude_files: ['.gz$']

  # Optional additional fields. These fields can be freely picked
  # to add additional information to the crawled log files for filtering
  #fields:
  #  level: debug
  #  review: 1
[...]
```