Log file is not getting created #60

@sriramb12

There are 2 issues:

  1. /var/log/o365beat is not created. Even if manually created, there are no log files being created.
  2. The Azure AD data is not getting collected. It does not create the file. The same worked earlier.

[root@ models]# systemctl status o365beat -l
● o365beat.service - Shipper for Office 365 logs from Management Activities API.
Loaded: loaded (/usr/lib/systemd/system/o365beat.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-08-26 12:19:11 AWST; 412ms ago
Docs: https://www.elastic.co/products/beats/o365beat
Main PID: 2687 (o365beat)
Memory: 5.6M
CGroup: /system.slice/o365beat.service
└─2687 /usr/share/o365beat/bin/o365beat -e -c /etc/o365beat/o365beat.yml -path.home /usr/share/o365beat -path.config /etc/o365beat -path.data /var/lib/o365beat -path.logs /var/log/o365beat

Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.075+0800 INFO instance/beat.go:297 Setup Beat: o365beat; Version: 1.5.1
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.075+0800 INFO fileout/file.go:98 Initialized file output. path=/home/o365beat/o365.log max_size_bytes=10485760 max_backups=7 permissions=-rw-------
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.075+0800 INFO [publisher] pipeline/module.go:97 Beat name: crystaleye.lan
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO [monitoring] log/log.go:118 Starting metrics logging every 30s
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO instance/beat.go:429 o365beat start running.
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO beater/o365beat.go:459 o365beat is running! Hit CTRL-C to stop it.
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO beater/o365beat.go:203 enabling subscriptions for configured content types: [Audit.AzureActiveDirectory Audit.Exchange Audit.SharePoint Audit.General]
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO beater/o365beat.go:164 getting content subscriptions
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO beater/o365beat.go:106 auth nil or expired, re-authenticating
Aug 26 12:19:11 crystaleye.lan o365beat[2687]: 2022-08-26T12:19:11.076+0800 INFO beater/o365beat.go:133 authenticating via https://login.microsoftonline.com/tkqlm.onmicrosoft.com/oauth2/token?api-version=1.0
[root@crystaleye models]# ls -l /home/o365beat/
total 0
