I've had a decent set of beats configs distributed by puppet and running well for oh about a month at this point. When suddenly packetbeat as of yesterday stopped functioning. There were know known changes. Must be solar winds or something.
Anyway, when I stopped puppet on one of the hosts and ran packetbeat manually it refused to start. I tried starting it with the service first. Then completely manually after that failed.
This is what I got when I tried it manually:
[root@web1:~] #/usr/bin/packetbeat -c /etc/packetbeat/packetbeat.yml Loading config file error: YAML config parsing failed on /etc/packetbeat/packetbeat.yml: yaml: unmarshal errors: line 20: cannot unmarshal !!seq into outputs.MothershipConfig line 21: cannot unmarshal !!str `http` into outputs.MothershipConfig line 22: cannot unmarshal !!str `admin` into outputs.MothershipConfig line 23: cannot unmarshal !!str `secretpass` into outputs.MothershipConfig line 24: cannot unmarshal !!str `packetb...` into outputs.MothershipConfig. Exiting.
Odd so I tried parsing the file using some online yaml parsers. I tried parsing the config both here:
And the file passed both times with both yaml parsers. Here's my config file that's generating the error:
interfaces: device: any protocols: dns: ports:  include_authorities: true include_additionals: true http: ports: [80, 443, 5000] memcache: ports: [11211, 11212] mysql: ports:  pgsql: redis: thrift: ports:  output: elasticsearch: hosts: ["logs.example.com:9200"] protocol: "http" username: "admin" password: “secret” index: "packetbeat-" tls: certificate_authorities: ["/etc/pki/CA/certs/ca.crt"] shipper: tags: ["jokefire-dev", "web-tier"] logging:
I can't figure out why this file is generating these errors. Any help here would be appreciated!!