Metribeat 7.1.1 not logging to files, only syslog always

Hello
Metricbeat does not stop sending logs to syslog.
Even after parameter in metricbeat.yml:
logging.to_syslog: false

This happens if you run metricbeat (ubuntu 16.04):
service metricbeat start

It helps only run with command:
/usr/share/metricbeat/bin/metricbeat -c /etc/metricbeat/metricbeat.yml -path.logs /var/log/metricbeat

I also noticed that when running through systemd, command has option "-e":
/usr/share/metricbeat/bin/metricbeat -e -c /etc/metricbeat/metricbeat.yml ...

There may be a problem due to this "-e" option. But I did not find where it comes from. There is no such parameter in the /etc/init.d/metricbeat file

It is strange that this is enabled by default, but I found where syslog output is enabled.

It seems to be starting from version 7.0: https://www.elastic.co/guide/en/beats/metricbeat/7.0/configuration-logging.html

When Metricbeat is running on a Linux system with systemd, it uses by default the -e command line option, that makes it write all the logging output to stderr so it can be captured by journald. Other outputs are disabled. See Metricbeat and systemd to know more and learn how to change this.

Here is information on how to disable it: https://www.elastic.co/guide/en/beats/metricbeat/7.0/running-with-systemd.html

It is very strange that by default metricbeat writes its log to syslog. In metricbeat, by default, logging.level: info is enabled, so your syslog file will instantly overflow and it will be difficult to find something useful.

To elastic members:
Perhaps it is not necessary by default to include output in syslog? Or at least lower logging level?
Journald is a good tool, but only when there is no unnecessary information.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.