I have filebeat running on a docker container, on the documentation it says that when activating a module, if i leave the paths as default it will choose the path based on the OS.
Obviously i want to capture the log files of the HOST.
How is filebeat made aware of the HOST OS in order to make that decision ? or will it just assume the paths of the container OS?
hi @micas,
How is filebeat made aware of the HOST OS in order to make that decision ? or will it just assume the paths of the container OS?
The filebeat input (log in this case) will detect which operating system is running on and depending on the modules/filesets enabled different default paths are configured in the manifest.yml file. For example system module, syslog fileset here are the default paths https://github.com/elastic/beats/blob/master/filebeat/module/system/syslog/manifest.yml.
Just to make it clear, so if i have it running on a HOST system running Darwin and use a docker container running debian with filebeat inside it, it will default to the paths of debian and not be able to identify that is running on a darwin host.
Any setting i can use to bypass this behaviour? Like being able to globally tell filebeat and others that they should use darwin paths by default with a certain prefix say "/hostfs/..." ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.