From a6cd5e85cc30fe5296a8a26332e7e78b153b1704 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Tue, 25 Jun 2019 10:34:20 +0200 Subject: [PATCH] Add warning for logging configuration on systemd (#12577) Since 7.0 we add the `-e` flag to all beats from the systemd unit file. This make them to log to stderr on systems with systemd, what is the recommended behaviour on these systems, so local logs are managed by journald. This creates some confusion as the added flags make beats ignore other output settings added to the configuration files. Add a new warning in the logging configuration page about this. --- auditbeat/auditbeat.reference.yml | 3 +++ filebeat/filebeat.reference.yml | 3 +++ heartbeat/heartbeat.reference.yml | 3 +++ journalbeat/journalbeat.reference.yml | 3 +++ libbeat/_meta/config.reference.yml | 3 +++ libbeat/docs/loggingconfig.asciidoc | 13 +++++++++++++ libbeat/docs/shared-systemd.asciidoc | 4 ++-- metricbeat/metricbeat.reference.yml | 3 +++ packetbeat/packetbeat.reference.yml | 3 +++ winlogbeat/winlogbeat.reference.yml | 3 +++ x-pack/auditbeat/auditbeat.reference.yml | 3 +++ x-pack/filebeat/filebeat.reference.yml | 3 +++ x-pack/functionbeat/functionbeat.reference.yml | 3 +++ x-pack/metricbeat/metricbeat.reference.yml | 3 +++ x-pack/winlogbeat/winlogbeat.reference.yml | 3 +++ 15 files changed, 54 insertions(+), 2 deletions(-) diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index d0570664f81..e3bc37d9b1b 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -1138,6 +1138,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 7641a39295d..6854903ae83 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1839,6 +1839,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index 5568bff8c43..bfa6498b3ef 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -1282,6 +1282,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml index a2dc41621fa..c4756f78027 100644 --- a/journalbeat/journalbeat.reference.yml +++ b/journalbeat/journalbeat.reference.yml @@ -1078,6 +1078,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/_meta/config.reference.yml b/libbeat/_meta/config.reference.yml index 3c572218100..00a4590e72c 100644 --- a/libbeat/_meta/config.reference.yml +++ b/libbeat/_meta/config.reference.yml @@ -1026,6 +1026,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index 0a6eb3cf8df..605bd040315 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc @@ -48,6 +48,13 @@ endif::win_only[] TIP: In addition to setting logging options in the config file, you can modify the logging output configuration from the command line. See <>. + +ifndef::win_only[] +WARNING: When {beatname_uc} is running on a Linux system with systemd, it uses +by default the `-e` command line option, that makes it write all the logging output +to stderr so it can be captured by journald. Other outputs are disabled. See +<> to know more and learn how to change this. +endif::win_only[] endif::serverless[] ifdef::serverless[] @@ -77,6 +84,12 @@ You can specify the following options in the `logging` section of the +{beatname_lc}.yml+ config file: ifndef::serverless[] +[float] +==== `logging.to_stderr` + +When true, writes all logging output to standard error output. This is +equivalent to using the `-e` command line option. + [float] ==== `logging.to_syslog` diff --git a/libbeat/docs/shared-systemd.asciidoc b/libbeat/docs/shared-systemd.asciidoc index 25f0c08ece6..cf028b9573f 100644 --- a/libbeat/docs/shared-systemd.asciidoc +++ b/libbeat/docs/shared-systemd.asciidoc @@ -80,8 +80,8 @@ would override `BEAT_LOG_OPTS` to enable debug for Elasticsearch output. Environment="BEAT_LOG_OPTS=-e -d elasticsearch" ------------------------------------------------ -To use settings from the {beatname_uc} file, empty the environment -variable. For example: +To change the logging output from the {beatname_uc} configuration file, empty +the environment variable. For example: ["source", "systemd", subs="attributes"] ------------------------------------------------ diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 4514890d3b3..1d7573247af 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1767,6 +1767,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 772ad0c3867..ba93fc6d3cc 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -1506,6 +1506,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index f46be153919..80d80b50690 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -1059,6 +1059,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 02183b8dd7c..fd52c15c037 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -1189,6 +1189,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index ad36f8b4648..88fbf50d745 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1987,6 +1987,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 6d3e7654fa4..f10428ecd2e 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -1197,6 +1197,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 68f52ef85d0..929afc58176 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1833,6 +1833,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index f3712e72d61..325d512f139 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -1071,6 +1071,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false