I followed tutorial how to create new beat (https://www.elastic.co/guide/en/beats/devguide/current/new-beat.html). With tutorial I didn't have much problems. Since trying to add some logic to new beat I encountered something strange. I wanted to execute command within Run function inside beater/xxx.go. I added following to xxx.go:
import (
[...]
"os/exec"
[...]
)
Under the:
func (bt *xxx) Run(b *beat.Beat) error {
[...]
command := exec.Command("python", "path/py.py")
[...] }
I always receive error:
fork/exec /usr/bin/python: operation not permitted
I've got ubuntu 18.04, virtualenv 15.1.0 and go version: go 1.10.3 linux/amd64
Andrew i've tried both methods. One worked, another didn't. With flag -E seccomp.enabled=false It worked like a charm. With seccomp.enabled: false in configuration file It didn't. I suppose I made this overwrite in wrong configuration file. I added seccomp.enabled: false to _meta/beat.yml like:
################### xxx Configuration Example #########################
You would want to add seccomp.enabled: false to the configuration file that you are loading into your Beat. That is the file specified with -c beatname.yml on the CLI.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.