/usr/share/metricbeat/bin/metricbeat exceeds max file size


I'm seeing the following warning when starting auditbeat:

Oct 01 13:10:26 myserver auditbeat[22218]: 2019-10-01T13:10:26.828+0200 WARN [process] process/process.go:234 failed to hash executable /usr/share/metricbeat/bin/metricbeat for PID 24632: failed to hash file /usr/share/metricbeat/bin/metricbeat: hasher: file size 172910019 exceeds max file size

Is it possible to increase the max file size hasher limit? I find very little info in https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-dataset-system-process.html


Yeah, something is weird with the documentation. You can change process.hash.max_file_size in the config section for the system module. The default is 100 MiB.

You can find this setting in the auditbeat.reference.yml that ships with Auditbeat.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.