filebeat not starting in linux and no logs are printed to troubleshoot

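This is a fresh installation of filebeat. I copied the configuration file filebeat.yml from an existing server.

filebeat version: 6.8.5

When starting the service with sudo systemctl start filebeat, viewing the service status through sudo systemctl status filebeat throws the following error: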
filebeat.service: main process exited, code=exited, status=1/FAILURE
Unit filebeat.service entered failed state.
filebeat.service failed.
filebeat.service holdoff time over, scheduling restart.
Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
start request repeated too quickly for filebeat.service
Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
Unit filebeat.service entered failed state.
filebeat.service failed.

What could be the reason for the failure?

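filebeat has a great feature called test. You can check whether the configuration file and the output server settings are configured correctly. For more information about the test tool, use help.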

/usr/share/filebeat/bin/filebeat  test --help

Check the correctness of the config file

/usr/share/filebeat/bin/filebeat  test config --path.config /etc/filebeat

Check the output server configuration

/usr/share/filebeat/bin/filebeat  test output --path.config /etc/filebeat

In my case, both my config and output were faulty.

  1. Config
$ /usr/share/filebeat/bin/filebeat  test config --path.config /etc/filebeat
Exiting: error loading config file: config file ("/etc/filebeat/filebeat.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx" (to fix the permissions use: 'chmod go-w /etc/filebeat/filebeat.yml')

Changing the filebeat.yml file permissions fixed the issue

chmod go-w /etc/filebeat/filebeat.yml

  2. Output
# /usr/share/filebeat/bin/filebeat  test output --path.config /etc/filebeat
logstash: 10.3.22.31:043...
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.5.86.21
    dial up... ERROR dial tcp 10.5.86.21:43: connect: connection refused

I had not set the port correctly (043). Correcting the port number fixed the issue.
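
The permission check behind the "can only be writable by the owner" error above can be run as a preflight before starting the service. This is an added example, not part of the original answer and not Filebeat's own code; the function names are hypothetical and the demo file is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: preflight for the "only writable by the owner" rule that
# stopped Filebeat above. Function names are hypothetical.

# Print the symbolic mode (e.g. "-rwxrwxrwx"), the same form the error shows.
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# 0 = only the owner can write, 1 = group or others can write, 2 = no such file.
config_perms_ok() {
    [ -f "$1" ] || return 2
    m=$(mode_string "$1")
    gw=$(printf '%s' "$m" | cut -c6)   # character 6 is the group write bit
    ow=$(printf '%s' "$m" | cut -c9)   # character 9 is the others write bit
    [ "$gw" != "w" ] && [ "$ow" != "w" ]
}

# Apply the fix the error message suggests (chmod go-w) and report the change.
harden_config() {
    f=$1
    if config_perms_ok "$f"; then
        echo "ok: $f $(mode_string "$f")"
        return 0
    fi
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    before=$(mode_string "$f")
    chmod go-w -- "$f" || return 1
    echo "fixed: $f $before -> $(mode_string "$f")"
    config_perms_ok "$f"
}

# Demo on a constructed file (not a real Filebeat config).
demo_dir=$(mktemp -d)
printf 'filebeat.inputs: []\n' > "$demo_dir/filebeat.yml"
chmod 777 "$demo_dir/filebeat.yml"
harden_config "$demo_dir/filebeat.yml"
rm -rf "$demo_dir"
```

A config file copied from another server often arrives with loose modes like the one in the answer, so running such a check right after the copy catches the problem before systemd hits its restart limit.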