Issue with logstash on aarch64

doctorhey · May 23, 2018, 5:24pm

Our logstash user is a system-level account with nologin

[root@cav01 ~]# id logstash
uid=296(logstash) gid=985(logstash) groups=985(logstash),0(root)

[root@cav01 ~]# grep logstash /etc/passwd
logstash:x:296:985:logstash:/usr/share/logstash:/sbin/nologin

And:

[root@cav01 ~]# ps -p 69796 -o pid,euid,egid,fuid
  PID  EUID  EGID  FUID
69796   296   985   296

And you're correct, this is NOT a remote mount of any sort.

Thanks for trudging through this with me! I've been staring at it for days trying various combinations of things to no avail.