In an attempt to walk before running I thought I'd set up a filebeat instance as a syslog server and then use logger to send log messages to it.

My Docker Compose configuration for setting up filebeat is

filebeat:
  image: docker.elastic.co/beats/filebeat:6.3.1
  stdin_open: true
  tty: true
  command: filebeat -v -c /config-dir/filebeat.yml
  restart: always
  ports:
    - "5000:5000"
  volumes:
    - ./log-cfg/filebeat.yml:/config-dir/filebeat.yml
    - ./beat-out/:/beat-out/

The file filebeat.yml contains

filebeat.inputs:
  - type: syslog
    protocol.tcp.host: "localhost:5000"

output.file.path: "/beat-out"

logging:
  level: debug
  to_files: true

Bringing up filebeat with docker-compose up filebeat succeeds. And sending log messages using logger --server localhost --port 5000 --tcp --rfc3164 "An error" succeeds too. However, there is nothing printed to any file in ./beat-out/.

Attaching to the running instance and inspecting the log (/usr/share/filebeat/logs/filebeat) doesn't help me understand what's missing. A log can be found at http://ix.io/1gdq. Also, nothing appears in the filebeat log when sending a syslog message with logger.

What am I missing here?

1 Answer

I found the answer with some help.

The configuration of filebeat should be

filebeat.inputs:
  - type: syslog
    protocol.tcp.host: ":5000"

output.file.path: "/beat-out"

logging:
  level: debug
  to_files: true
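
Why the bind address matters, as an added example (not part of the original answer): a listener bound to localhost accepts only connections addressed to the container's own loopback, while traffic forwarded from a published Docker port arrives on a different interface. The sketch assumes Linux and uses 127.0.0.2 as a stand-in for that other interface; `bind_addr`, `reachable` and `OTHER_ADDR` are illustrative names.

```python
import socket

# Stand-in for the container's non-loopback address: Linux routes all of
# 127.0.0.0/8 to lo, so 127.0.0.2 is a second local address (assumption: Linux).
OTHER_ADDR = "127.0.0.2"

def bind_addr(filebeat_host):
    """Split a Filebeat 'host:port' value into the (host, port) to bind."""
    host, _, port = filebeat_host.rpartition(":")
    if host == "localhost":
        host = "127.0.0.1"   # pin the name to IPv4 loopback for this demo
    return host, int(port)   # "" means every interface (INADDR_ANY)

def reachable(filebeat_host, dest_ip):
    """Listen on the address the config value names, then try to connect to
    dest_ip. An ephemeral port replaces the configured one to avoid clashes."""
    host, _port = bind_addr(filebeat_host)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((host, 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        try:
            with socket.create_connection((dest_ip, port), timeout=2):
                return True
        except OSError:
            return False   # refused: nothing listens on that address

if __name__ == "__main__":
    for cfg in ("localhost:5000", ":5000"):
        for dest in ("127.0.0.1", OTHER_ADDR):
            print(f"{cfg!r:18} <- {dest:10} reachable={reachable(cfg, dest)}")
```

With ":5000" the listener accepts connections on every container interface, and "5000:5000" publishes it on every host interface. If only local senders are expected, publishing the port as "127.0.0.1:5000:5000" in the Compose file keeps the syslog listener off the network.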