Sincedb_path files are not created (logstash 2.4)

Guenhael · September 6, 2016, 2:40pm

My config file in logstash/conf.d directory contains a sincedb_path directive in an input/file section :
input {
file
{
path => "/var/log/myfile"
sincedb_path => "/root/sincedb/sincedb.db"
}
}
output {
....
}

... but no sincedb.db file is not created when logstash runs. The rights are Ok in /root/sincedb directory (logstash:logstash).
I activated --debug logs in logstash VM :

With this configuration, a trace saying "file grew : /var/log/myfile: old size 0, new size 330851 ..." is continuously displayed in log file althgough "myfile" does not change ... Probably linked to the fact that no sincedb file are created, ... but nonethelees, logstash does produce any additionnal output (so it knows, don't know how without sincedb file, that no new line have been appended)
When I append a new line in "myfile", log says "file grew : /var/log/myfile: old size 0, new size 331449 ..." followed by everal log lines "Received line" ... ending by an exception in plugin Logstash::Inputs::File" ... this exception is a ENOENT one,

It seems thats logstash tries to create a file whose name is
/root/sincedb/sincedb.db.15506.2290.753894 ... and fails to create it ...

2290 is the logstash JVM PID. For each new log, I always have the "15506" value (thought it was the input file inode .. but it is not ...), and "753894" changes for each new log (suppose it is a timestamp at the time it tries to create the file).

Can anyone explain what happens there : why logstash cannot create the file, and explain the values used to build the filename ?

Thnsk,

Guenhaël

warkolm · September 7, 2016, 2:20am

What user are you running LS as?

magnusbaeck · September 7, 2016, 6:21am

Why would you want to create the sincedb files under /root? What's wrong with the default path? What are the file permissions of /root?

Guenhael · September 7, 2016, 12:24pm

Hi, thanks for answering,

well, since this "sincedb_path" option exists, I suppose I can use it to specify my own path no ? I have chosen the /root/sincedb directory, who has got the rw rights for user "logstash".
As the documentation says that this option has to specify a file, I have specified "/root/sinced/ myfile in the sincedb_path option. With that parameter, it tries to create a file but it fails ... probably due to rights problems.
I start LS connected as root, using the "systemctl start logstash" command on My Centos ...
By the way, can you tell me what are the 3 figures added after the"myfile" prefix ?

Thanks for your help,

Guenhaël

Guenhael · September 7, 2016, 12:35pm

Hi, thanks for answering,

Indeed, the problem is obviously due to rights problems.
I start LS connected as root, using the "systemctl start logstash" command on My Centos ...
The init.d script does the appropriate things to start the LS VM as logstasg, since I see, using "ps", that this VM is started with user "logstash".

The sincedb_path parameter contains /root/sincedb/myfile, and the user "logstash" has got rw rights on /root/sincedb directory, so should be able to create files in that directory no ?
.. but I see that it cannot create a "/root/sincedb/myfile.xxx.yyy.zzz" file ... and I'm also wondering what are those 3 figures xxx, yyy and zzz (one the the LS VM PID, but whart about the 2 others ?)

Thanks for your help,

Guenhaël

magnusbaeck · September 7, 2016, 1:04pm

The sincedb_path parameter contains /root/sincedb/myfile, and the user "logstash" has got rw rights on /root/sincedb directory, so should be able to create files in that directory no ?

The logstash user needs rwx for /root/sincedb and rx for /root.

Guenhael · September 7, 2016, 1:27pm

Ok, I’ll try this tomorrow since I do not have access to this offline system today.
Can you explain why need the “rx” rights for “root” (I will have to set “rx” for “others” group, not only for root, which not nice …)

magnusbaeck · September 7, 2016, 1:33pm

Oops, sorry. It doesn't need rx for /root, only x. Why? Because that's how POSIX file system permissions work. In order to access a file in /a/b/c you need execute permission to /a, /a/b, and /a/b/c.

Guenhael · September 7, 2016, 2:51pm

OK, I read « root » instead of « /root » (thought you wanted to add specific rights for “root” user, which can only e done on specific Linux distributions …).

warkolm · September 8, 2016, 12:33am

Or just don't use /root as the sincedb path, that's a lot smarter.

Guenhael · September 8, 2016, 9:30am

Yes, you’re right, I just chose it because I was the /root directory when I connected ! I have chosen another one in a user directory with the appropriate rights for logstash, including “x” right at each level for “other” users …
Now it works, but I’m a little bit surprised : logstash uses the file with the exact name I give, I do not see anything appended to his name (I mean the 3 figures I saw in the debug log, one looking like the JVM PID …).

Thanks !

Guenhaël

magnusbaeck · September 8, 2016, 10:41am

Well, if you give it a filename path it'll use that exact file.

Guenhael · September 8, 2016, 12:03pm

Well, as I described in my initial POST, when I had the rights problems, I gave /path/to/myfile in sincedb_path, … and I saw in the logs that it failed in creating path/to/myfile.xxx.yyy.zzz, so it did not use the exact filename I gave …

chromechris · October 7, 2016, 11:09pm

I decided to delete my .sincedb files, and they were never created again. They .sincedb files used to be under /root.