Collector-sidecar logging level?

Graylog Central (peer support)
,
1

Hello, trying to set the verbosity of the logging messages output by filebeat to /var/log/messages to “warning” instead of “info” via the sidecar configuration within Graylog itself.

I’ve tried modifying the sidecar configuration by adding the following, but I saw no change:
logging.level: warning

I also tried using this, but with similarly no change:
filebeat:
logging.level: warning

Any ideas?

Here’s my sidecar config:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.inputs:
- input_type: log
  paths:
    - /var/log/*.log
    - /var/log/maillog
    - /var/log/messages
    - /var/log/security
  type: log
output.logstash:
   hosts: ["graylog:5514"]
   ttl: 10.0s
   pipelining: 0
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log
2

Greetings!

Were you able to add the logging level line in the sidecar config?

I have this section in mind:

(adding additional lines for context, but it really can go anywhere in the file)

output.logstash:
   hosts: ["127.0.0.1:5044"]

path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log

logging:
  level: info

Screenshot of the sidecar config UI:

image
image862×332 41 KB

Hope that helps.

3

I just tried using:

logging:
  level: warning

I am still seeing info level events in /var/log/messages from filebeat:

Still seeing:


May 15 10:15:17 server-name filebeat[1584]: {"log.level":"info","@timestamp":"2023-05-15T10:15:17.097-0400","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":167026688}}}},"cpu":{"system":{"ticks":14140},"total":{"ticks":34970,"value":34970},"user":{"ticks":20830}},"handles":{"limit":{"hard":262144,"soft":1024},"open":10},"info":{"ephemeral_id":"813fa5f7-ebe8-4256-ab23-19411d8dd3af","uptime":{"ms":246723505},"version":"8.6.2"},"memstats":{"gc_next":17928248,"memory_alloc":8611296,"memory_total":1933629192,"rss":115150848},"runtime":{"goroutines":23}},"filebeat":{"events":{"active":0},"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0,"15":0,"5":0.02,"norm":{"1":0,"15":0,"5":0.01}}}},"ecs.version":"1.6.0"}}

I was hoping to be able to adjust the verbosity level of the filebeat events in /var/log/messages using the collector-sidecar as opposed to having to modify the filebeat.yml manually across multiple servers. (I know I could use Puppet or similar, but I am trying to avoid involving my sysadmins)

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.