Permission Errors

Elastic Stack Beats
1

Howdy,

Can I get filebeat to ignore permission errors and carry on reading other files?

2017-05-11T20:41:19Z ERR Failed opening /var/log/mediator/sysman.log: open /var/log/mediator/sysman.log: permission denied
2017-05-11T20:41:19Z ERR Stop Harvesting. Unexpected file opening error: open /var/log/mediator/sysman.log: permission denied

If it reaches a file it cannot read, it will just stop completely.

2

Bump

3

Hello:

You exclude particular files within a previously configured log path. For instance if you added the default path:

paths:
    - /var/log/*.log

You could add the below configuration (which is already present on config file but commented):

# Exclude files. A list of regular expressions to match. Filebeat drops the files that
# are matching any regular expression from the list. By default, no files are dropped.

exclude_files: ['^/var/log/mediator/sysman.log$']

Please note that you would to do this for every file you wished to include (or define a regular expression matching all of them, and only those to exlude)

Additionally if you do want to add this logs to what filebeat sends, you could add filebeat user to the group owning that file/folder. It will depend on the permissions but it would de really strange if then filebeat could not read the file.

Obviously the ideal solution would be devels creating a PR correcting this for future versions, but this workaround should be good enough to keep things working.

4

Feel free to open a bug report for filebeat stopping if some files are not readable.

5

Thanks both for your suggestions - Much appreciated.

Exclude files would work temporarily, but filebeat would then 'break' again if someone decided to add another application that doesn't have the correct permissions... But I might give that one a try :slight_smile:

I shall submit a bug report now - Thank you.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.