/usr/share/metricbeat/bin/metricbeat exceeds max file size

willemdh · October 1, 2019, 11:14am

Hello

I'm seeing the following warning when starting auditbeat:

Oct 01 13:10:26 myserver auditbeat[22218]: 2019-10-01T13:10:26.828+0200 WARN [process] process/process.go:234 failed to hash executable /usr/share/metricbeat/bin/metricbeat for PID 24632: failed to hash file /usr/share/metricbeat/bin/metricbeat: hasher: file size 172910019 exceeds max file size

Is it possible to increase the max file size hasher limit? I find very little info in https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-dataset-system-process.html

Tx

cwurm · October 1, 2019, 1:33pm

Yeah, something is weird with the documentation. You can change process.hash.max_file_size in the config section for the system module. The default is 100 MiB.

You can find this setting in the auditbeat.reference.yml that ships with Auditbeat.

system · October 22, 2019, 1:33pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Audit beat warning Beats metricbeat	4	565	March 29, 2021
Failed to hash executable Beats auditbeat	1	564	October 28, 2020
Filebeat greater than max file size Beats filebeat	2	3747	June 13, 2018
Beat.db grows to 12G Bytes in windows Beats auditbeat	2	186	May 3, 2024
Failed to open persistent datastore: MapViewOfFile Beats auditbeat	3	665	July 8, 2018

/usr/share/metricbeat/bin/metricbeat exceeds max file size

Related topics