How to store the input logs in another path


#1

Hello,

I don’t know how to store the input logs in another directory. Is it possible to do this ? May i miss it in the documentation ?

PS : I installed graylog manually

In any case thanks you by advance for your answer and time.


(Jochen) #2

All log messages are indexed into Elasticsearch.

You’ll have to change the data path of your Elasticsearch nodes.
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/important-settings.html#path-settings


#3

thanks you Jochen.

I changed the path.data directory like this in /etc/elasticsearch/elasticsearch.yml :

# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /var/elasticsearch/data
#path:
data: "/var/elasticsearch/data"
#logs: "/var/elasticsearch/logs"

#
# Path to log files:
#
#path.logs: /var/elasticsearch/logs

But i have and error :

service elasticsearch status

  Active: failed (Result: exit-code) since jeu. 2018-06-07 10:16:21 CEST; 28min ago
     Docs: http://www.elastic.co
  Process: 6608 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet -Edefault.path.logs=${LOG_DIR} -Edefault.path.data=${DATA_DIR} -Edefault.path.conf=${CONF_DIR} (code=exited, status=1/FAILURE)
  Process: 6607 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 6608 (code=exited, status=1/FAILURE)

In the log /var/log/elasticsearch/elasticsearch-2018-06-06.log i got this

[WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unable to access 'path.data' (/var/elasticsearch/data) 

I also found in this forum an solution but i don’t know how to proceed :


(Jochen) #4

That configuration file is incorrect. Either use path.data or the split up hierarchical version, but only data won’t work.

The data path has to be writable for the system user running Elasticsearch.

You can check the file system permissions with the following command:

# namei -l /var/elasticsearch/data

#5

Hello again,

I’m sorry i don’t understand your precedent post. Can you post an valid configuration of the /etc/elasticsearch/elasticsearch.yml ? Please


(Jochen) #6

See https://www.elastic.co/guide/en/elasticsearch/reference/5.6/settings.html#_config_file_format


#7

Re,

i did this and it seems to work :

In the config file /etc/init.d/elasticsearch/elasticsearch.yml i modified like this :

DATA_DIR="/var/elasticsearch/data" 
LOG_DIR="/var/elasticsearch/logs"

In the config file /etc/elasticsearch i modified like this :

 # ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by com$
#
path.data: ${DATA_DIR}

path.logs: ${LOG_DIR}

(system) #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.