Hi,
Could you please guide me how to prevent Logstash logging to /var/log/messages?
Thanks.
Hi @pavuk
that can be changed in the logstash.yml file
/etc/logstash/logstash.yml
at the bottom
# ------------ Debugging Settings --------------
#
# Options for log.level:
# * fatal
# * error
# * warn
# * info (default)
# * debug
# * trace
#
# log.level: info
path.logs: /var/log/logstash
#
hope that helps
@lueneburger Thank you. But I have exactly the same lines at the bottom of logstash.yml file. And with
tail -f /var/log/messages
I see endless records like
.......
Oct 26 08:48:07 talk logstash: ],
Oct 26 08:48:07 talk logstash: "@timestamp" => 2017-10-26T08:48:07.000Z,
Oct 26 08:48:07 talk logstash: "build" => "",
Oct 26 08:48:07 talk logstash: "response" => 200,
Oct 26 08:48:07 talk logstash: "bytes" => 70084,
Oct 26 08:48:07 talk logstash: "name" => "Chrome",
Oct 26 08:48:07 talk logstash: "os_name" => "Windows 7",
Oct 26 08:48:07 talk logstash: "httpversion" => [
Oct 26 08:48:07 talk logstash: [0] "1.0",
Oct 26 08:48:07 talk logstash: [1] "1.0"
Oct 26 08:48:07 talk logstash: ],
Oct 26 08:48:07 talk logstash: "device" => "Other"
Oct 26 08:48:07 talk logstash: }
Oct 26 08:48:07 talk logstash: {
Oct 26 08:48:07 talk logstash: "request" => [
.........
My /var/log/messages is really huge!
Hi @pavuk,
looks like you got a stdout in your logstash output section?
something like that:
stdout { codec => rubydebug }
Yes, I have it in output. What should I do with it?
disable it and see if the log stops growing
Still no luck. Now I have
output {
  elasticsearch {
    hosts => ["http://xxxxx.com:9200/"]
    index => "logstash-logs_%{+YYYY.MM.dd}"
    document_type => "nginx_logs"
  }
  # stdout { codec => rubydebug }
}
Restarted the logstash service and still see logstash output in /var/log/messages
Hi @pavuk,
Ah OK, I'm using Ubuntu and it's disabled by default.
Just take a look at how to filter/disable the audit logs:
/etc/rsyslog.d/50-default.conf
#*.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none -/var/log/messages
Hmmm... I'm on CentOS7 and I have the line
*.info;mail.none;authpriv.none;cron.none /var/log/messages
in /etc/rsyslog.conf
But it is a server-wide setting, and I'd like to disable only logstash logging to /var/log/messages
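
One way to do what the last post asks, as an added example that is not part of the thread: an rsyslog drop-in that discards only messages whose program name is `logstash` (the tag in the log lines quoted above), plus a helper that counts lines per program so the effect can be checked. The drop-in file name and both function names are hypothetical, and it assumes /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf ahead of the /var/log/messages rule.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes rsyslog with RainerScript
# support and that Logstash lines carry the tag "logstash", as in the
# /var/log/messages excerpt quoted above.

# Count lines per program tag in a traditional-format syslog file
# ("Mon DD HH:MM:SS host tag[pid]: msg"), busiest program first.
top_talkers() {
    awk '{ t = $5; sub(/(\[[0-9]+\])?:$/, "", t); n[t]++ }
         END { for (t in n) print n[t], t }' "$1" | sort -rn
}

# Write a drop-in that stops processing for logstash messages only, so
# they never reach the server-wide "*.info ... /var/log/messages" rule.
# Every other program keeps its existing routing.
write_dropin() {
    dir=${1:-/etc/rsyslog.d}
    # 01- prefix (hypothetical name) so it sorts before other drop-ins.
    cat > "$dir/01-logstash-stop.conf" <<'EOF'
# Discard everything tagged "logstash"; other programs are unaffected.
if $programname == 'logstash' then stop
EOF
}

# Run as root with --apply to install the rule, validate the rsyslog
# configuration, restart rsyslog, and show who is writing the most.
if [ "${1:-}" = "--apply" ]; then
    write_dropin /etc/rsyslog.d &&
        rsyslogd -N1 &&
        systemctl restart rsyslog
    top_talkers /var/log/messages | head -5
fi
```

Lines already written stay in /var/log/messages, so compare `top_talkers` output on fresh entries (for example after log rotation) to confirm that `logstash` no longer appears.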