Logs are stopped

Arraso26 · April 5, 2022, 10:35am

well, the logs come to me fine for about 50 minutes but suddenly it stops, if anyone knows how to fix it I would appreciate it, here are the logs and the configuration files.

2022-04-05T12:25:01.688+0200    INFO    beater/filebeat.go:456  Stopping filebeat
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:148   Stopping Crawler
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:158   Stopping 1 inputs
2022-04-05T12:25:01.688+0200    INFO    cfgfile/reload.go:190   Dynamic config reloader stopped
2022-04-05T12:25:01.688+0200    INFO    [reload]        cfgfile/list.go:118     Stopping 2 runners ...
2022-04-05T12:25:01.688+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    [crawler]       beater/crawler.go:163   Stopping input: 3673764936556454733
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/auth.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /server/www/html/log.es/logs/access.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/apache2/access.log.1. Closing.
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/syslog. Closing.
2022-04-05T12:25:01.693+0200    INFO    beater/crawler.go:178   Crawler stopped
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:367      Stopping Registrar
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:293      Ending Registrar
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:153  Total non-zero metrics  {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":890,"time":{"ms":894}},"total":{"ticks":3960,"time":{"ms":3964},"value":3960},"user":{"ticks":3070,"time":{"ms":3070}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"c0eb3962-4c5b-4cb3-9aea-d44b9702ba38","uptime":{"ms":2976889}},"memstats":{"gc_next":18810992,"memory_alloc":14071960,"memory_total":726142080,"rss":46952448},"runtime":{"goroutines":13}},"filebeat":{"events":{"added":5067,"done":5067},"harvester":{"closed":15,"open_files":0,"running":0,"started":15}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":297},"output":{"events":{"acked":5026,"batches":306,"failed":10,"total":5036},"read":{"bytes":1896,"errors":1},"type":"logstash","write":{"bytes":389243}},"pipeline":{"clients":0,"events":{"active":0,"filtered":41,"published":5026,"retry":1494,"total":5067},"queue":{"acked":5026}}},"registrar":{"states":{"current":15,"update":5067},"writes":{"success":346,"total":346}},"system":{"cpu":{"cores":1},"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.05,"5":0.01}}}}}}
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:154  Uptime: 49m36.890648322s
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:131  Stopping metrics logging.
2022-04-05T12:25:01.704+0200    INFO    instance/beat.go:469    filebeat stopped.

filebeat.inputs:
- type: log
  paths:
    - /server/www/html/log.es/logs/access.log
    - /server/www/html/log.es/logs/error.log
    - /server/www/html/internet.log.es/logs/error.log
    - /server/www/html/internet.log.es/logs/access.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true

setup.template.settings:
  index.number_of_shards: 3

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0640
output.logstash:
  hosts: ["IP:5044"]


version: '3.7'

services:
  elasticsearch:
    image: elasticsearch:7.9.2
    ports:
      - '9200:9200'
    environment:
      - discovery.type=single-node
    ulimits:
      memlock:
        soft: -1
        hard: -1


  kibana:
    image: kibana:7.9.2
    ports:
      - '5601:5601'

  logstash:
    image: logstash:7.9.2
    ports:
      - '5044:5044'
    volumes:
      - type: bind
        source: ./logstash_pipeline/
        target: /usr/share/logstash/pipeline
        read_only: true

input {
  beats {
    port => 5044
  }
}
filter {
  grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
  geoip { source => "clientip" }
}
output {
  elasticsearch {
    hosts => ["http://192.168.14.82:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}"
  }
}

kvch · April 5, 2022, 12:41pm

Could you please share debug logs of Filebeat? Are the input files rotated somehow? Do you see any errors in the logs of Logstash?

Arraso26 · April 5, 2022, 12:45pm

these are my filebeat logs, and in the logstrash, being mounted in docker, I see the logs in real time and I haven't seen anything out of the ordinary, it's as if at a certain moment it stops.

2022-04-05T12:24:54.869+0200    INFO    [monitoring]    log/log.go:145  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":890,"time":{"ms":3}},"total":{"ticks":3950,"time":{"ms":22},"value":3950},"user":{"ticks":3060,"time":{"ms":19}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"c0eb3962-4c5b-4cb3-9aea-d44b9702ba38","uptime":{"ms":2970057}},"memstats":{"gc_next":18810992,"memory_alloc":13629824,"memory_total":725699944,"rss":1077248},"runtime":{"goroutines":69}},"filebeat":{"events":{"added":4,"done":4},"harvester":{"files":{"4a2984ba-7edb-4fdc-abab-90cc15184579":{"last_event_published_time":"2022-04-05T12:24:35.216Z","last_event_timestamp":"2022-04-05T12:24:30.215Z","read_offset":293,"size":293},"92978114-a8ed-4215-ae2e-6c88fbb8ba55":{"last_event_published_time":"2022-04-05T12:24:25.139Z","last_event_timestamp":"2022-04-05T12:24:25.139Z","read_offset":137,"size":548},"af1d7146-d8a1-4422-be9e-b60aaca2a5da":{"size":3045}},"open_files":4,"running":4}},"libbeat":{"config":{"module":{"running":0},"scans":3},"output":{"events":{"acked":4,"batches":3,"total":4},"read":{"bytes":18},"write":{"bytes":1500}},"pipeline":{"clients":5,"events":{"active":0,"published":4,"total":4},"queue":{"acked":4}}},"registrar":{"states":{"current":15,"update":4},"writes":{"success":3,"total":3}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.05,"5":0.01}}}}}}
2022-04-05T12:25:01.688+0200    INFO    beater/filebeat.go:456  Stopping filebeat
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:148   Stopping Crawler
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:158   Stopping 1 inputs
2022-04-05T12:25:01.688+0200    INFO    cfgfile/reload.go:190   Dynamic config reloader stopped
2022-04-05T12:25:01.688+0200    INFO    [reload]        cfgfile/list.go:118     Stopping 2 runners ...
2022-04-05T12:25:01.688+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    [crawler]       beater/crawler.go:163   Stopping input: 3673764936556454733
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/auth.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /server/www/html/log.es/logs/access.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/apache2/access.log.1. Closing.
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/syslog. Closing.
2022-04-05T12:25:01.693+0200    INFO    beater/crawler.go:178   Crawler stopped
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:367      Stopping Registrar
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:293      Ending Registrar
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:153  Total non-zero metrics  {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":890,"time":{"ms":894}},"total":{"ticks":3960,"time":{"ms":3964},"value":3960},"user":{"ticks":3070,"time":{"ms":3070}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"c0eb3962-4c5b-4cb3-9aea-d44b9702ba38","uptime":{"ms":2976889}},"memstats":{"gc_next":18810992,"memory_alloc":14071960,"memory_total":726142080,"rss":46952448},"runtime":{"goroutines":13}},"filebeat":{"events":{"added":5067,"done":5067},"harvester":{"closed":15,"open_files":0,"running":0,"started":15}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":297},"output":{"events":{"acked":5026,"batches":306,"failed":10,"total":5036},"read":{"bytes":1896,"errors":1},"type":"logstash","write":{"bytes":389243}},"pipeline":{"clients":0,"events":{"active":0,"filtered":41,"published":5026,"retry":1494,"total":5067},"queue":{"acked":5026}}},"registrar":{"states":{"current":15,"update":5067},"writes":{"success":346,"total":346}},"system":{"cpu":{"cores":1},"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.05,"5":0.01}}}}}}
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:154  Uptime: 49m36.890648322s
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:131  Stopping metrics logging.
2022-04-05T12:25:01.704+0200    INFO    instance/beat.go:469    filebeat stopped.

system · May 3, 2022, 2:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.