diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index d0570664f81..e3bc37d9b1b 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -1138,6 +1138,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 7641a39295d..6854903ae83 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1839,6 +1839,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index 5568bff8c43..bfa6498b3ef 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -1282,6 +1282,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml index a2dc41621fa..c4756f78027 100644 --- a/journalbeat/journalbeat.reference.yml +++ b/journalbeat/journalbeat.reference.yml @@ -1078,6 +1078,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/_meta/config.reference.yml b/libbeat/_meta/config.reference.yml index 3c572218100..00a4590e72c 100644 --- a/libbeat/_meta/config.reference.yml +++ b/libbeat/_meta/config.reference.yml @@ -1026,6 +1026,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index 0a6eb3cf8df..605bd040315 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc @@ -48,6 +48,13 @@ endif::win_only[] TIP: In addition to setting logging options in the config file, you can modify the logging output configuration from the command line. See <>. + +ifndef::win_only[] +WARNING: When {beatname_uc} is running on a Linux system with systemd, it uses +by default the `-e` command line option, that makes it write all the logging output +to stderr so it can be captured by journald. Other outputs are disabled. See +<> to know more and learn how to change this. +endif::win_only[] endif::serverless[] ifdef::serverless[] @@ -77,6 +84,12 @@ You can specify the following options in the `logging` section of the +{beatname_lc}.yml+ config file: ifndef::serverless[] +[float] +==== `logging.to_stderr` + +When true, writes all logging output to standard error output. This is +equivalent to using the `-e` command line option. + [float] ==== `logging.to_syslog` diff --git a/libbeat/docs/shared-systemd.asciidoc b/libbeat/docs/shared-systemd.asciidoc index 25f0c08ece6..cf028b9573f 100644 --- a/libbeat/docs/shared-systemd.asciidoc +++ b/libbeat/docs/shared-systemd.asciidoc @@ -80,8 +80,8 @@ would override `BEAT_LOG_OPTS` to enable debug for Elasticsearch output. Environment="BEAT_LOG_OPTS=-e -d elasticsearch" ------------------------------------------------ -To use settings from the {beatname_uc} file, empty the environment -variable. For example: +To change the logging output from the {beatname_uc} configuration file, empty +the environment variable. For example: ["source", "systemd", subs="attributes"] ------------------------------------------------ diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 4514890d3b3..1d7573247af 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1767,6 +1767,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 772ad0c3867..ba93fc6d3cc 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -1506,6 +1506,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index f46be153919..80d80b50690 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -1059,6 +1059,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 02183b8dd7c..fd52c15c037 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -1189,6 +1189,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index ad36f8b4648..88fbf50d745 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1987,6 +1987,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 6d3e7654fa4..f10428ecd2e 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -1197,6 +1197,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 68f52ef85d0..929afc58176 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1833,6 +1833,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index f3712e72d61..325d512f139 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -1071,6 +1071,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false