From df54d05bb8895c3a864dd598cfc5a065f1158581 Mon Sep 17 00:00:00 2001 From: Duncan Martin Walker Date: Mon, 9 Mar 2020 16:15:04 +0000 Subject: [PATCH] Fix Filebeat/Auditbeat conflict The default Filebeat prospectors currently look for all log files in /var/log/. This can cause conflicts with auditbeat, which also monitors audit log files in /var/log and can fail to get a lock on the appropriate log files, subsequently failing. This commit explicitly removes audit log files from the Filebeat prospector path to remove this conflict. Change-Id: I2146bd6f4980610f32d27896406167458e08dffe --- elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml index dc71109f..a8aced0b 100644 --- a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml +++ b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml @@ -265,7 +265,7 @@ filebeat_prospectors: enabled: "{{ filebeat_system_enabled | default(true) }}" paths: - /openstack/log/ansible-logging/*.log - - /var/log/*.log + - /var/log/!(auth*).log - /var/log/libvirt/*.log - /var/log/libvirt/*/*.log - /var/log/lxc/*.log