0

I want to install filebeat on my webfaction server in order to ship the apache logs to a hosted ELK.

I followed the instructions.

The filebeat connects wonderfully to the ELK cloud. However locally I cannot get past this error:

[someone@web555 filebeat-6.5.1-linux-x86_64]$ ./filebeat setup
Exiting: error initializing publisher: error initializing processors: 1 error: failed to read process cgroups: open /proc/1/cgroup: no such file or directory

Indeed there is no /proc/1/cgroup just a /proc/cgroups file (note this is a shared server).

I have tried to find a way to disable cgroups but to no avail.

[someone@web555 filebeat-6.5.1-linux-x86_64]$ ./filebeat test output
elasticsearch: https://someoneat.europe-west3.gcp.cloud.es.io:443...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: xx.xxx.xxx.xxx
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 6.5.1


[someone@web555 filebeat-6.5.1-linux-x86_64]$ ./filebeat test config
Exiting: error initializing publisher: error initializing processors: 1 error: failed to read process cgroups: open /proc/1/cgroup: no such file or directory

Any hints would be appreciated (the free trial will expire in 14 days :D )

Post Scriptum

Only the apache2 module is enabled, I thought disabling system will skip this cgroups check.

[someone@web555 filebeat-6.5.1-linux-x86_64]$ ./filebeat modules list
Enabled:
apache2

Disabled:
auditd
elasticsearch
haproxy
icinga
iis
kafka
kibana
logstash
mongodb
mysql
nginx
osquery
postgresql
redis
suricata
system
traefik
ionescu77
  • 1,150
  • 10
  • 14
  • 1
    Are you using the `add_host_metadata` processor? try to disable it, the problem seems to be initializing processors. You may also want to open an issue in Beats project in github, or add a comment in this related issue https://github.com/elastic/beats/issues/3666 – Jaime Soriano Nov 29 '18 at 16:08
  • I know how to list modules. And made sure system module is disabled. Let me check how to list enabled processors. I'll check your link. Thx – ionescu77 Nov 29 '18 at 16:16
  • Thx Jamie it worked. Your hint. It's the first time I configure ELK. I did a grep for processors. After I did the changes I also noted you hinted me to the metadata entries :) The github issues I checked but there was not a clear workaround for cgroups – ionescu77 Nov 29 '18 at 16:33

1 Answers1

0

Thanks to the comment above of Jamie Soriano:

Are you using the add_host_metadata processor? try to disable it, the problem seems to be initializing processors.

Indeed in filebeat.yml I commented the processors entries (please note this were enabled by default).

#================================ Procesors =====================================

# Configure processors to enhance or manipulate events generated by the beat.

processors:
#  - add_host_metadata: ~
#  - add_cloud_metadata: ~

Now if I test the configuration everything is alright:

[someone@web555 filebeat-6.5.1-linux-x86_64]$ ./filebeat test config
Config OK

I am not happy skiping the host metadata, however I can proceed and ship the apache2 logs at least!

ionescu77
  • 1,150
  • 10
  • 14