/usr/share/metricbeat/bin/metricbeat exceeds max file size

willemdh · October 1, 2019, 11:14am

Hello

I'm seeing the following warning when starting auditbeat:

Oct 01 13:10:26 myserver auditbeat[22218]: 2019-10-01T13:10:26.828+0200 WARN [process] process/process.go:234 failed to hash executable /usr/share/metricbeat/bin/metricbeat for PID 24632: failed to hash file /usr/share/metricbeat/bin/metricbeat: hasher: file size 172910019 exceeds max file size

Is it possible to increase the max file size hasher limit? I find very little info in https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-dataset-system-process.html

Tx

cwurm · October 1, 2019, 1:33pm

Yeah, something is weird with the documentation. You can change process.hash.max_file_size in the config section for the system module. The default is 100 MiB.

You can find this setting in the auditbeat.reference.yml that ships with Auditbeat.

system · October 22, 2019, 1:33pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.