Configure logging for standalone Elastic Agents
editConfigure logging for standalone Elastic Agents
editThe Logging section of the elastic-agent.yml
config file contains settings for configuring the logging output.
The logging system can write logs to the syslog
, file
, stderr
, eventlog
, or rotate log files.
If you do not explicitly configure logging, the stderr
output is used.
This example configures Elastic Agent logging:
agent.logging.level: info agent.logging.to_files: true agent.logging.files: path: /var/log/elastic-agent name: elastic-agent keepfiles: 7 permissions: 0600
Logging configuration settings
editYou can specify the following settings in the Logging section of the
elastic-agent.yml
config file.
Some outputs will log raw events on errors like indexing errors in the Elasticsearch output, to prevent logging raw events (that may contain sensitive information) together with other log messages, a different log file, only for log entries containing raw events, is used. It will use the same level, selectors and all other configurations from the default logger, but it will have it’s own file configuration.
Having a different log file for raw events also prevents event data
from drowning out the regular log files. Use
agent.logging.event_data
to configure the events logger.
The events log file is not collected by the Elastic Agent monitoring. If the events log files are needed, they can be collected with the diagnostics or directly copied from the host running Elastic Agent.
Setting |
Description |
|
The minimum log level. Possible values:
Default: |
|
Specify the selector tags that are used by different Elastic Agent components for debugging.
To debug the output for all components, use Possible values: |
|
Set to Default: |
|
Set to Default: |
|
Set to Default: |
|
Set to Default: |
|
Specify the period after which to log the internal metrics. This setting is not passed to any Beats running under the Elastic Agent. Default: |
|
Set to Default: |
|
The directory that log files is written to. /Library/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent.ndjson /opt/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent.ndjson C:\Program Files\Elastic\Agent\data\elastic-agent-*\logs\elastic-agent.ndjson /var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent.ndjson /var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent.ndjson Logs file names end with a date and optional number: log-date.ndjson, log-date-1.ndjson, and so on as new files are created during rotation. |
|
The name of the file that logs are written to. Default: |
|
The maximum size limit of a log file. If the limit is reached, a new log file is generated. Default: |
|
The most recent number of rotated log files to keep on disk. Older files are deleted during log rotation.
The value must be in the range of Default: |
|
The permissions mask to apply when rotating log files. The permissions option must be a valid Unix-style file permissions mask expressed in octal notation. In Go, numbers in octal notation must start with 0. Default: |
|
Enable log file rotation on time intervals in addition to the size-based rotation. Intervals must be at least Default: |
|
Set to Default: |
|
Set to Default: |
|
The directory that log files is written to. /Library/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent.ndjson /opt/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent.ndjson C:\Program Files\Elastic\Agent\data\elastic-agent-*\logs\elastic-agent.ndjson /var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent.ndjson /var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent.ndjson Logs file names end with a date and optional number: log-date.ndjson, log-date-1.ndjson, and so on as new files are created during rotation. |
|
The name of the file that logs are written to. Default: |
|
The maximum size limit of a log file. If the limit is reached, a new log file is generated. Default: |
|
The most recent number of rotated log files to keep on disk. Older files are deleted during log rotation.
The value must be in the range of Default: |
|
The permissions mask to apply when rotating log files. The permissions option must be a valid Unix-style file permissions mask expressed in octal notation. In Go, numbers in octal notation must start with 0. Default: |
|
Enable log file rotation on time intervals in addition to the size-based rotation. Intervals must be at least Default: |
|
Set to Default: |