Hello all,
I been tying to find a solution for this since long. Trying to reach out to the community.
The logstash is filling up the file /var/log/messages file space,
I understand logstash does not log to /var/log/message, it writes to stdout and it logs to /var/log/logstash.
I am running logstash as a service and I think it may be because the service manager is configured to cc the stdout of a service to /var/log/messages which then the service manager will write to /var/log/messages. I don't think Ican reconfigure service manager. I edited the log4j.proprties file of logstah where I commented out the following lines and restarted logstash service and the system , still the logstash is logging everysecond the logs to /var/log/messages
<
rootLogger.appenderRef.console.ref = ${sys:ls.log.format}_console
logger.slowlog.appenderRef.console_slowlog.ref = ${sys:ls.log.format}_console_slowlog
/>
I also tried to create a new empty file with name /var/log/messages and renamed the old file as messagesold. That did not help as well. The messages are still getting logged to /var/log/messagesold.
Is there any way I could delete these file or rotate it to delete the first 10 gig of data inside /var/log/message file when it reaches 50 Gig.
I am afraid if I delete the file itself I don't see any more data in my elastic search or kibana.
Also, will need to manually delete everytime the file becomes more than 50gig.
Regards,
Zanoob