/usr/share/metricbeat/bin/metricbeat exceeds max file size

willemdh · October 1, 2019, 11:14am

Hello

I'm seeing the following warning when starting auditbeat:

Oct 01 13:10:26 myserver auditbeat[22218]: 2019-10-01T13:10:26.828+0200 WARN [process] process/process.go:234 failed to hash executable /usr/share/metricbeat/bin/metricbeat for PID 24632: failed to hash file /usr/share/metricbeat/bin/metricbeat: hasher: file size 172910019 exceeds max file size

Is it possible to increase the max file size hasher limit? I find very little info in https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-dataset-system-process.html

Tx

cwurm · October 1, 2019, 1:33pm

Yeah, something is weird with the documentation. You can change process.hash.max_file_size in the config section for the system module. The default is 100 MiB.

You can find this setting in the auditbeat.reference.yml that ships with Auditbeat.

Topic		Replies	Views
Audit beat warning Beats metricbeat	4	686	March 29, 2021
Failed to hash executable Beats auditbeat	1	628	October 28, 2020
Filebeat greater than max file size Beats filebeat	2	4101	June 13, 2018
Beat.db grows to 12G Bytes in windows Beats auditbeat	2	248	May 3, 2024
Tuning for harvesting a large number of files Beats filebeat	1	714	September 3, 2019

/usr/share/metricbeat/bin/metricbeat exceeds max file size

Related topics