@aloalo2242
Last active December 15, 2020 10:15
[root@localhost ~]# filebeat -e -d "*"
2020-12-15T08:43:37.794+0700 INFO instance/beat.go:645 Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2020-12-15T08:43:37.794+0700 DEBUG [beat] instance/beat.go:697 Beat metadata path: /var/lib/filebeat/meta.json
2020-12-15T08:43:37.794+0700 INFO instance/beat.go:653 Beat ID: 42db914b-07e7-4e78-81b4-9414d3b1e26d
2020-12-15T08:43:37.795+0700 DEBUG [conditions] conditions/conditions.go:98 New condition contains: map[]
2020-12-15T08:43:37.795+0700 DEBUG [conditions] conditions/conditions.go:98 New condition !contains: map[]
2020-12-15T08:43:37.795+0700 DEBUG [docker] docker/client.go:48 Docker client will negotiate the API version on the first request.
2020-12-15T08:43:37.795+0700 DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:126 add_cloud_metadata: starting to fetch metadata, timeout=3s
2020-12-15T08:43:37.795+0700 DEBUG [add_docker_metadata] add_docker_metadata/add_docker_metadata.go:87 add_docker_metadata: docker environment not detected: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
2020-12-15T08:43:37.795+0700 DEBUG [kubernetes] add_kubernetes_metadata/kubernetes.go:138 Could not create kubernetes client using in_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable {"libbeat.processor": "add_kubernetes_metadata"}
2020-12-15T08:43:40.796+0700 DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:162 add_cloud_metadata: received disposition for digitalocean after 3.000463743s. result=[provider:digitalocean, error=failed requesting digitalocean metadata: Get "http://169.254.169.254/metadata/v1.json": dial tcp 169.254.169.254:80: i/o timeout, metadata={}]
2020-12-15T08:43:40.796+0700 DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:169 add_cloud_metadata: timed-out waiting for all responses
2020-12-15T08:43:40.796+0700 DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:129 add_cloud_metadata: fetchMetadata ran for 3.000722137s
2020-12-15T08:43:40.796+0700 INFO [add_cloud_metadata] add_cloud_metadata/add_cloud_metadata.go:89 add_cloud_metadata: hosting provider type not detected.
2020-12-15T08:43:40.796+0700 DEBUG [processors] processors/processor.go:120 Generated new processors: add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]], condition=!contains: map[], add_cloud_metadata={}, add_docker_metadata=[match_fields=[] match_pids=[process.pid, process.ppid]], add_kubernetes_metadata
2020-12-15T08:43:40.796+0700 DEBUG [seccomp] seccomp/seccomp.go:117 Loading syscall filter {"seccomp_filter": {"no_new_privs":true,"flag":"tsync","policy":{"default_action":"errno","syscalls":[{"names":["accept","accept4","access","arch_prctl","bind","brk","chmod","chown","clock_gettime","clone","close","connect","dup","dup2","epoll_create","epoll_create1","epoll_ctl","epoll_pwait","epoll_wait","exit","exit_group","fchdir","fchmod","fchmodat","fchown","fchownat","fcntl","fdatasync","flock","fstat","fstatfs","fsync","ftruncate","futex","getcwd","getdents","getdents64","geteuid","getgid","getpeername","getpid","getppid","getrandom","getrlimit","getrusage","getsockname","getsockopt","gettid","gettimeofday","getuid","inotify_add_watch","inotify_init1","inotify_rm_watch","ioctl","kill","listen","lseek","lstat","madvise","mincore","mkdirat","mmap","mprotect","munmap","nanosleep","newfstatat","open","openat","pipe","pipe2","poll","ppoll","pread64","pselect6","pwrite64","read","readlink","readlinkat","recvfrom","recvmmsg","recvmsg","rename","renameat","rt_sigaction","rt_sigprocmask","rt_sigreturn","sched_getaffinity","sched_yield","sendfile","sendmmsg","sendmsg","sendto","set_robust_list","setitimer","setsockopt","shutdown","sigaltstack","socket","splice","stat","statfs","sysinfo","tgkill","time","tkill","uname","unlink","unlinkat","wait4","waitid","write","writev"],"action":"allow"}]}}}
2020-12-15T08:43:40.796+0700 INFO [seccomp] seccomp/seccomp.go:124 Syscall filter successfully installed
2020-12-15T08:43:40.797+0700 INFO [beat] instance/beat.go:981 Beat info {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "42db914b-07e7-4e78-81b4-9414d3b1e26d"}}}
2020-12-15T08:43:40.797+0700 INFO [beat] instance/beat.go:990 Build info {"system_info": {"build": {"commit": "1da173a9e716715a7a54bb3ff4db05b5c24fc8ce", "libbeat": "7.10.1", "time": "2020-12-04T23:27:17.000Z", "version": "7.10.1"}}}
2020-12-15T08:43:40.797+0700 INFO [beat] instance/beat.go:993 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":6,"version":"go1.14.12"}}}
2020-12-15T08:43:40.798+0700 INFO [beat] instance/beat.go:997 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-12-10T10:12:07+07:00","containerized":false,"name":"localhost.localdomain","ip":["127.0.0.1/8","::1/128","localhost/22","fe80::250:56ff:fea2:43cf/64"],"kernel_version":"3.10.0-1127.19.1.el7.x86_64","mac":["00:50:56:a2:43:cf"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":8,"patch":2003,"codename":"Core"},"timezone":"+07","timezone_offset_sec":25200,"id":"ed39e1e5105544fdb69927e2beff7ea6"}}}
2020-12-15T08:43:40.799+0700 INFO [beat] instance/beat.go:1026 Process info {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"ambient":null}, "cwd": "/root", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 5824, "ppid": 5809, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2020-12-15T08:43:36.840+0700"}}}
2020-12-15T08:43:40.799+0700 INFO instance/beat.go:299 Setup Beat: filebeat; Version: 7.10.1
2020-12-15T08:43:40.799+0700 DEBUG [beat] instance/beat.go:325 Initializing output plugins
2020-12-15T08:43:40.799+0700 INFO [index-management] idxmgmt/std.go:184 Set output.elasticsearch.index to 'filebeat-7.10.1' as ILM is enabled.
2020-12-15T08:43:40.799+0700 INFO eslegclient/connection.go:99 elasticsearch url: http://localhost:9200
2020-12-15T08:43:40.800+0700 DEBUG [publisher] pipeline/consumer.go:148 start pipeline event consumer
2020-12-15T08:43:40.800+0700 INFO [publisher] pipeline/module.go:113 Beat name: localhost.localdomain
2020-12-15T08:43:40.802+0700 INFO [monitoring] log/log.go:118 Starting metrics logging every 30s
2020-12-15T08:43:40.802+0700 INFO instance/beat.go:455 filebeat start running.
2020-12-15T08:43:40.802+0700 DEBUG [test] registrar/migrate.go:304 isFile(/var/lib/filebeat/registry) -> false
2020-12-15T08:43:40.802+0700 DEBUG [test] registrar/migrate.go:304 isFile() -> false
2020-12-15T08:43:40.802+0700 DEBUG [test] registrar/migrate.go:297 isDir(/var/lib/filebeat/registry/filebeat) -> true
2020-12-15T08:43:40.802+0700 DEBUG [test] registrar/migrate.go:304 isFile(/var/lib/filebeat/registry/filebeat/meta.json) -> true
2020-12-15T08:43:40.802+0700 DEBUG [registrar] registrar/migrate.go:84 Registry type '1' found
2020-12-15T08:43:40.803+0700 INFO memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=6059071
2020-12-15T08:43:40.986+0700 INFO memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=6069663
2020-12-15T08:43:40.986+0700 INFO [registrar] registrar/registrar.go:109 States Loaded from registrar: 10
2020-12-15T08:43:40.986+0700 INFO [crawler] beater/crawler.go:71 Loading Inputs: 2
2020-12-15T08:43:40.986+0700 DEBUG [cfgfile] cfgfile/reload.go:132 Checking module configs from: /etc/filebeat/modules.d/*.yml
2020-12-15T08:43:40.986+0700 DEBUG [cfgfile] cfgfile/cfgfile.go:193 Load config from file: /etc/filebeat/modules.d/fortinet.yml
2020-12-15T08:43:40.986+0700 DEBUG [registrar] registrar/registrar.go:140 Starting Registrar
2020-12-15T08:43:40.986+0700 ERROR cfgfile/reload.go:273 Error loading config from file '/etc/filebeat/modules.d/fortinet.yml', error invalid config: yaml: line 21: did not find expected key
2020-12-15T08:43:40.986+0700 INFO beater/crawler.go:148 Stopping Crawler
2020-12-15T08:43:40.986+0700 INFO beater/crawler.go:158 Stopping 0 inputs
2020-12-15T08:43:40.986+0700 INFO beater/crawler.go:178 Crawler stopped
2020-12-15T08:43:40.986+0700 INFO [registrar] registrar/registrar.go:132 Stopping Registrar
2020-12-15T08:43:40.986+0700 INFO [registrar] registrar/registrar.go:166 Ending Registrar
2020-12-15T08:43:40.987+0700 DEBUG [registrar] registrar/registrar.go:167 Stopping Registrar
2020-12-15T08:43:40.987+0700 INFO [registrar] registrar/registrar.go:137 Registrar stopped
2020-12-15T08:43:40.989+0700 INFO [monitoring] log/log.go:153 Total non-zero metrics {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":100,"time":{"ms":102}},"total":{"ticks":470,"time":{"ms":475},"value":470},"user":{"ticks":370,"time":{"ms":373}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":9},"info":{"ephemeral_id":"fa24e2f0-80c0-43e1-b064-c1023e53f8df","uptime":{"ms":3283}},"memstats":{"gc_next":18261152,"memory_alloc":12595208,"memory_total":69766168,"rss":50475008},"runtime":{"goroutines":12}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"elasticsearch"},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"cpu":{"cores":6},"load":{"1":0.01,"15":0.09,"5":0.1,"norm":{"1":0.0017,"15":0.015,"5":0.0167}}}}}}
2020-12-15T08:43:40.989+0700 INFO [monitoring] log/log.go:154 Uptime: 3.285303974s
2020-12-15T08:43:40.989+0700 INFO [monitoring] log/log.go:131 Stopping metrics logging.
2020-12-15T08:43:40.989+0700 INFO instance/beat.go:461 filebeat stopped.
2020-12-15T08:43:40.989+0700 ERROR instance/beat.go:956 Exiting: Failed to start crawler: creating module reloader failed: 1 error: invalid config: yaml: line 21: did not find expected key
loading configs
github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Check
/go/src/github.com/elastic/beats/libbeat/cfgfile/reload.go:143
github.com/elastic/beats/v7/filebeat/beater.(*crawler).Start
/go/src/github.com/elastic/beats/filebeat/beater/crawler.go:91
github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run
/go/src/github.com/elastic/beats/filebeat/beater/filebeat.go:438
github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch
/go/src/github.com/elastic/beats/libbeat/cmd/instance/beat.go:461
github.com/elastic/beats/v7/libbeat/cmd/instance.Run.func1
/go/src/github.com/elastic/beats/libbeat/cmd/instance/beat.go:189
github.com/elastic/beats/v7/libbeat/cmd/instance.Run
/go/src/github.com/elastic/beats/libbeat/cmd/instance/beat.go:190
github.com/elastic/beats/v7/libbeat/cmd.genRunCmd.func1
/go/src/github.com/elastic/beats/libbeat/cmd/run.go:36
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:830
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
main.main
/go/src/github.com/elastic/beats/x-pack/filebeat/main.go:22
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373
Exiting: Failed to start crawler: creating module reloader failed: 1 error: invalid config: yaml: line 21: did not find expected key
loading configs
github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Check
/go/src/github.com/elastic/beats/libbeat/cfgfile/reload.go:143
github.com/elastic/beats/v7/filebeat/beater.(*crawler).Start
/go/src/github.com/elastic/beats/filebeat/beater/crawler.go:91
github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run
/go/src/github.com/elastic/beats/filebeat/beater/filebeat.go:438
github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch
/go/src/github.com/elastic/beats/libbeat/cmd/instance/beat.go:461
github.com/elastic/beats/v7/libbeat/cmd/instance.Run.func1
/go/src/github.com/elastic/beats/libbeat/cmd/instance/beat.go:189
github.com/elastic/beats/v7/libbeat/cmd/instance.Run
/go/src/github.com/elastic/beats/libbeat/cmd/instance/beat.go:190
github.com/elastic/beats/v7/libbeat/cmd.genRunCmd.func1
/go/src/github.com/elastic/beats/libbeat/cmd/run.go:36
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:830
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
main.main
/go/src/github.com/elastic/beats/x-pack/filebeat/main.go:22
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373