Running filebeat as a different user or service account on CentOS 6.5


(Jinal Shah) #1

Hello

What is the best way to run / start filebeat as a different user or service account on CentOS 6.5?

Thanks


(Andrew Kroh) #2

I think you would have to make some modifications to /etc/init.d/filebeat. I haven't tried any of this, but here's what I would try.

Add --user USER --group GROUP to the wrapperopts in the init file. USER and GROUP are what you want to run Filebeat as. These will get passed to filebeat-god which is actually the go-daemon.

The other things you will need to account for are privileges on

  • the config files that Filebeat reads,
  • the directories where Filebeat writes logs and the registry file,
  • and the log files that Filebeat is reading and the directories containing them.

The user must have read permissions on the log files and must have search permissions (the execute bit) on the directory containing the log files. Filebeat uses stat to collect the inode of the file and stat requires the execute permissions on the directory according to its man page.

For other CentOS users that find this thread, if you are on CentOS 7, you need to modify the systemd unit file and not the init.d script.
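
Added example, not part of the reply above or of the Filebeat project: a shell check of the permission requirements the reply lists, reporting the first directory without the search (x) bit or the log file without the read (r) bit for a given account. The account name `filebeat` in the usage comment is hypothetical, and the check assumes the process runs with the groups that `id -G` reports for that account.

```sh
#!/bin/sh
# Added example, not from the thread. Evaluates mode bits only: ACLs, SELinux
# and root's permission override are not modelled. Needs GNU stat (CentOS).
# Usage (hypothetical account): check_user filebeat /var/log/messages

# bits_for UID "GID GID ..." PATH -> prints the rwx digit (0-7) applying to UID
bits_for() (
    info=$(stat -L -c '%u %g %a' "$3") || return 2
    set -- "$1" " $2 " $info        # now $3=owner uid, $4=owner gid, $5=mode
    mode=$((0$5))                   # leading 0 makes the shell parse it as octal
    if [ "$1" = "$3" ]; then
        echo $(( ($mode >> 6) & 7 ))
    else
        case $2 in
            *" $4 "*) echo $(( ($mode >> 3) & 7 )) ;;
            *)        echo $(( $mode & 7 )) ;;
        esac
    fi
)

# can_harvest UID "GIDS" /abs/file -> 0 if every directory on the path is
# searchable and the file is readable; else prints the blocker and returns 1
can_harvest() (
    case $3 in /*) ;; *) echo "need an absolute path: $3"; return 2 ;; esac
    cur=/; rest=${3#/}
    while [ -n "$rest" ]; do        # walk top-down, as path resolution does
        bits=$(bits_for "$1" "$2" "$cur") || return 2
        [ $((bits & 1)) -ne 0 ] || { echo "no search (x) on $cur"; return 1; }
        cur=${cur%/}/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    bits=$(bits_for "$1" "$2" "$cur") || return 2
    [ $((bits & 4)) -ne 0 ] || { echo "no read (r) on $cur"; return 1; }
)

# check_user USER FILE... -> resolve the account once, then test each log file
check_user() (
    uid=$(id -u "$1") && gids=$(id -G "$1") || return 2
    shift; rc=0
    for f in "$@"; do
        can_harvest "$uid" "$gids" "$f" || rc=1
    done
    return "$rc"
)
```

The same walk can be pointed at the config file and at the registry and log directories, where the account additionally needs write permission, which this check does not test.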


(Jinal Shah) #3

Hi Andrew

Thanks! I'll give that a go and let you know how I get on.

Cheers!


(system) #4

This topic was automatically closed after 21 days. New replies are no longer allowed.