Rotated log files have incorrect permissions

When log files are rotated by metricbeat, the files created do not have the permissions specified in the metricbeat.yml file.

Here's part of metricbeat.yml:

logging.to_files: true
  path: /var/log/metricbeat
  name: metricbeat.log
  keepfiles: 14
  permissions: 0666
  interval: 24h
  rotateonstartup: true

And here are the log files in /var/log/metricbeat after it was restarted a number of times:

-rw-r-----. 1 root root 64031 Aug 11 19:10 metricbeat.log
-rw-r--r--. 1 root root   183 Aug 11 18:44 metricbeat.log-2020-08-11-1
-rw-r--r--. 1 root root  3334 Aug 11 18:44 metricbeat.log-2020-08-11-2
-rw-r-----. 1 root root 11634 Aug 11 18:45 metricbeat.log-2020-08-11-3
-rw-r-----. 1 root root 20225 Aug 11 18:49 metricbeat.log-2020-08-11-4
-rw-r-----. 1 root root 14298 Aug 11 18:51 metricbeat.log-2020-08-11-5

I don't really need 666 permissions on the log files (644 would be marvellous), it was a desperate act to see if anything would affect the file perms.

This is a security measure. Any files/folders created by Beats get a umask of 0027. This means any files will have at most 0640 permissions and any folders will have at most 0750 permissions. Essentially, we deliberately don't want any Beats-created files/folders to be world-readable.

Ref: and


1 Like

Thanks for the speedy response :slight_smile:

Can you update the documentation please? Right now it's actively misleading.

Thank you :slight_smile:

Created to request and track the documentation update.


1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.