Skip to content

Filebeat

Missing Information in Log Files Because of File Rotation

By default Filebeat rotates its log files on its own. Filebeat copies its log file, e. g. seal-filebeat.log to seal-filebeat.log.1

  • as soon as the file size exceeds 10 MB and

  • every time Filebeat is started.

Filebeat keeps am maximum of 7 rotated files. This means log information will be lost, if Filebeat is restarted 7 times or more.

Solution:

Deactivate the log file rotation, when Fileabeat is started.

  1. In an editor, open the elasticsearch.yml configuration file:

    • Linux:
    /opt/seal/etc/filebeat.yml
    • Windows:
    "C:\ProgramData\SEAL Systems\config\filebeat.yml"

  2. Add the rotateonstartup: false item:

    logging:
  level: error
  to_files: true
  to_syslog: false
  files:
    permissions: 0644
    path: /var/log/seal
    name: seal-filebeat.log
    rotateeverybytes: 10485760
    keepfiles: 7
    rotateonstartup: false

  3. Save the file and exit.

Back to top