From a6cd5e85cc30fe5296a8a26332e7e78b153b1704 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Tue, 25 Jun 2019 10:34:20 +0200 Subject: [PATCH] Add warning for logging configuration on systemd (#12577) Since 7.0 we add the `-e` flag to all beats from the systemd unit file. This make them to log to stderr on systems with systemd, what is the recommended behaviour on these systems, so local logs are managed by journald. This creates some confusion as the added flags make beats ignore other output settings added to the configuration files. Add a new warning in the logging configuration page about this. --- auditbeat/auditbeat.reference.yml | 3 +++ filebeat/filebeat.reference.yml | 3 +++ heartbeat/heartbeat.reference.yml | 3 +++ journalbeat/journalbeat.reference.yml | 3 +++ libbeat/_meta/config.reference.yml | 3 +++ libbeat/docs/loggingconfig.asciidoc | 13 +++++++++++++ libbeat/docs/shared-systemd.asciidoc | 4 ++-- metricbeat/metricbeat.reference.yml | 3 +++ packetbeat/packetbeat.reference.yml | 3 +++ winlogbeat/winlogbeat.reference.yml | 3 +++ x-pack/auditbeat/auditbeat.reference.yml | 3 +++ x-pack/filebeat/filebeat.reference.yml | 3 +++ x-pack/functionbeat/functionbeat.reference.yml | 3 +++ x-pack/metricbeat/metricbeat.reference.yml | 3 +++ x-pack/winlogbeat/winlogbeat.reference.yml | 3 +++ 15 files changed, 54 insertions(+), 2 deletions(-) diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index d0570664f81f..e3bc37d9b1b5 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -1138,6 +1138,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 7641a39295dd..6854903ae835 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -1839,6 +1839,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index 5568bff8c43a..bfa6498b3efa 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -1282,6 +1282,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml index a2dc41621fa9..c4756f780274 100644 --- a/journalbeat/journalbeat.reference.yml +++ b/journalbeat/journalbeat.reference.yml @@ -1078,6 +1078,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/_meta/config.reference.yml b/libbeat/_meta/config.reference.yml index 3c5722181001..00a4590e72c6 100644 --- a/libbeat/_meta/config.reference.yml +++ b/libbeat/_meta/config.reference.yml @@ -1026,6 +1026,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index 0a6eb3cf8df0..605bd0403158 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc @@ -48,6 +48,13 @@ endif::win_only[] TIP: In addition to setting logging options in the config file, you can modify the logging output configuration from the command line. See <>. + +ifndef::win_only[] +WARNING: When {beatname_uc} is running on a Linux system with systemd, it uses +by default the `-e` command line option, that makes it write all the logging output +to stderr so it can be captured by journald. Other outputs are disabled. See +<> to know more and learn how to change this. +endif::win_only[] endif::serverless[] ifdef::serverless[] @@ -77,6 +84,12 @@ You can specify the following options in the `logging` section of the +{beatname_lc}.yml+ config file: ifndef::serverless[] +[float] +==== `logging.to_stderr` + +When true, writes all logging output to standard error output. This is +equivalent to using the `-e` command line option. + [float] ==== `logging.to_syslog` diff --git a/libbeat/docs/shared-systemd.asciidoc b/libbeat/docs/shared-systemd.asciidoc index 25f0c08ece6a..cf028b9573f2 100644 --- a/libbeat/docs/shared-systemd.asciidoc +++ b/libbeat/docs/shared-systemd.asciidoc @@ -80,8 +80,8 @@ would override `BEAT_LOG_OPTS` to enable debug for Elasticsearch output. Environment="BEAT_LOG_OPTS=-e -d elasticsearch" ------------------------------------------------ -To use settings from the {beatname_uc} file, empty the environment -variable. For example: +To change the logging output from the {beatname_uc} configuration file, empty +the environment variable. For example: ["source", "systemd", subs="attributes"] ------------------------------------------------ diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 4514890d3b34..1d7573247afb 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -1767,6 +1767,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 772ad0c38672..ba93fc6d3cc7 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -1506,6 +1506,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index f46be1539197..80d80b50690b 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -1059,6 +1059,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 02183b8dd7c7..fd52c15c0378 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -1189,6 +1189,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index ad36f8b46482..88fbf50d7451 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1987,6 +1987,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 6d3e7654fa4f..f10428ecd2ea 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -1197,6 +1197,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 68f52ef85d02..929afc581762 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -1833,6 +1833,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index f3712e72d618..325d512f1395 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -1071,6 +1071,9 @@ setup.kibana: # Multiple selectors can be chained. #logging.selectors: [ ] +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + # Send all logging output to syslog. The default is false. #logging.to_syslog: false