I'm going through a heck of a learning process here.
I'm trying to setup filebeat on a RHEL server.
We've got filebeat installed and I believe we have all the permissions setup correctly but when I try to start the service it kind of hangs.
I say kind of because the command I'm using to start it
sudo systemctl start filebeat
never finishes activating, I never get control of the terminal back
BUT
during the ~20 minutes while it timesout, filebeat is working and shipping logs to our logstash like there's nothing wrong.
Here's the permissions I think are noteworthy:
/etc/filebeat/filebeat.yml is set to chmod 640
and
filebeat is running as root
Am I missing anything here? Why won't filebeat successfully finish activating?