Hey guys,
I've had a decent set of beats configs distributed by puppet and running well for oh about a month at this point. When suddenly packetbeat as of yesterday stopped functioning. There were know known changes. Must be solar winds or something.
Anyway, when I stopped puppet on one of the hosts and ran packetbeat manually it refused to start. I tried starting it with the service first. Then completely manually after that failed.
This is what I got when I tried it manually:
[root@web1:~] #/usr/bin/packetbeat -c /etc/packetbeat/packetbeat.yml
Loading config file error: YAML config parsing failed on /etc/packetbeat/packetbeat.yml: yaml: unmarshal errors:
line 20: cannot unmarshal !!seq into outputs.MothershipConfig
line 21: cannot unmarshal !!str `http` into outputs.MothershipConfig
line 22: cannot unmarshal !!str `admin` into outputs.MothershipConfig
line 23: cannot unmarshal !!str `secretpass` into outputs.MothershipConfig
line 24: cannot unmarshal !!str `packetb...` into outputs.MothershipConfig. Exiting.
Odd so I tried parsing the file using some online yaml parsers. I tried parsing the config both here:
And here:
yaml-online-parser.appspot.com
And the file passed both times with both yaml parsers. Here's my config file that's generating the error:
interfaces:
device: any
protocols:
dns:
ports: [53]
include_authorities: true
include_additionals: true
http:
ports: [80, 443, 5000]
memcache:
ports: [11211, 11212]
mysql:
ports: [3306]
pgsql:
redis:
thrift:
ports: [9042]
output:
elasticsearch:
hosts: ["logs.example.com:9200"]
protocol: "http"
username: "admin"
password: “secret”
index: "packetbeat-"
tls:
certificate_authorities: ["/etc/pki/CA/certs/ca.crt"]
shipper:
tags: ["jokefire-dev", "web-tier"]
logging:
I can't figure out why this file is generating these errors. Any help here would be appreciated!!
Thanks