filebeat debug log, with autodiscover, docker, and nginx module

filebeat.log

2018-10-11T10:54:21.215Z	INFO	instance/beat.go:544	Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2018-10-11T10:54:21.215Z	DEBUG	[beat]	instance/beat.go:571	Beat metadata path: /var/lib/filebeat/meta.json
2018-10-11T10:54:21.215Z	INFO	instance/beat.go:551	Beat UUID: 74f80d57-790c-4381-8909-d6680117160a
2018-10-11T10:54:21.215Z	DEBUG	[seccomp]	seccomp/seccomp.go:109	Loading syscall filter	{"seccomp_filter": {"no_new_privs":true,"flag":"tsync","policy":{"default_action":"errno","syscalls":[{"names":["accept","accept4","access","arch_prctl","bind","brk","clock_gettime","clone","close","connect","dup","dup2","epoll_create","epoll_create1","epoll_ctl","epoll_pwait","epoll_wait","exit","exit_group","fchdir","fchmod","fchown","fcntl","fdatasync","flock","fstat","fsync","ftruncate","futex","getcwd","getdents","getdents64","geteuid","getgid","getpeername","getpid","getppid","getrandom","getrusage","getsockname","getsockopt","gettid","gettimeofday","getuid","inotify_add_watch","inotify_init1","inotify_rm_watch","ioctl","kill","listen","lseek","lstat","madvise","mincore","mkdirat","mmap","mprotect","munmap","nanosleep","newfstatat","open","openat","pipe","pipe2","poll","pread64","pselect6","pwrite64","read","readlink","readlinkat","recvfrom","recvmmsg","recvmsg","rename","renameat","rt_sigaction","rt_sigprocmask","rt_sigreturn","sched_getaffinity","sched_yield","sendfile","sendmmsg","sendmsg","sendto","set_robust_list","setitimer","setsockopt","shutdown","sigaltstack","socket","stat","statfs","sysinfo","tgkill","time","tkill","uname","unlink","unlinkat","wait4","waitid","write","writev"],"action":"allow"}]}}}
2018-10-11T10:54:21.216Z	INFO	[seccomp]	seccomp/seccomp.go:116	Syscall filter successfully installed
2018-10-11T10:54:21.216Z	INFO	[beat]	instance/beat.go:768	Beat info	{"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "74f80d57-790c-4381-8909-d6680117160a"}}}
2018-10-11T10:54:21.216Z	INFO	[beat]	instance/beat.go:777	Build info	{"system_info": {"build": {"commit": "37b5f2d2a20f2734b2373a454b4b4cbb2627e841", "libbeat": "6.4.1", "time": "2018-09-13T21:25:47.000Z", "version": "6.4.1"}}}
2018-10-11T10:54:21.216Z	INFO	[beat]	instance/beat.go:780	Go runtime info	{"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":1,"version":"go1.10.3"}}}
2018-10-11T10:54:21.217Z	INFO	[beat]	instance/beat.go:784	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2018-10-05T09:26:40Z","containerized":true,"hostname":"ip-172-31-39-176","ips":["127.0.0.1/8","::1/128","172.31.39.176/20","fe80::89b:72ff:fea2:1a58/64","172.17.0.1/16","fe80::42:bfff:feca:e5e3/64","fe80::1c00:6dff:fe88:28d3/64","fe80::64f4:31ff:feb6:25bf/64"],"kernel_version":"4.14.67-66.56.amzn1.x86_64","mac_addresses":["0a:9b:72:a2:1a:58","02:42:bf:ca:e5:e3","1e:00:6d:88:28:d3","66:f4:31:b6:25:bf"],"os":{"family":"","platform":"amzn","name":"Amazon Linux AMI","version":"2018.03","major":2018,"minor":3,"patch":0},"timezone":"UTC","timezone_offset_sec":0}}}
2018-10-11T10:54:21.217Z	INFO	[beat]	instance/beat.go:813	Process info	{"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"ambient":null}, "cwd": "/etc/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 28583, "ppid": 10703, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2018-10-11T10:54:20.870Z"}}}
2018-10-11T10:54:21.218Z	INFO	instance/beat.go:273	Setup Beat: filebeat; Version: 6.4.1
2018-10-11T10:54:21.218Z	DEBUG	[beat]	instance/beat.go:290	Initializing output plugins
2018-10-11T10:54:21.218Z	DEBUG	[processors]	processors/processor.go:66	Processors: 
2018-10-11T10:54:21.219Z	INFO	elasticsearch/client.go:163	Elasticsearch url: http://172.31.5.176:9200
2018-10-11T10:54:21.219Z	DEBUG	[publish]	pipeline/consumer.go:137	start pipeline event consumer
2018-10-11T10:54:21.219Z	INFO	pipeline/module.go:98	Beat name: ip-172-31-39-176
2018-10-11T10:54:21.220Z	INFO	beater/filebeat.go:98	Enabled modules/filesets:  (), system (auth, syslog)
2018-10-11T10:54:21.221Z	INFO	elasticsearch/client.go:163	Elasticsearch url: http://172.31.5.176:9200
2018-10-11T10:54:21.221Z	DEBUG	[elasticsearch]	elasticsearch/client.go:688	ES Ping(url=http://172.31.5.176:9200)
2018-10-11T10:54:21.221Z	INFO	[monitoring]	log/log.go:114	Starting metrics logging every 30s
2018-10-11T10:54:21.231Z	DEBUG	[elasticsearch]	elasticsearch/client.go:711	Ping status code: 200
2018-10-11T10:54:21.231Z	INFO	elasticsearch/client.go:712	Connected to Elasticsearch version 6.4.0
2018-10-11T10:54:21.231Z	DEBUG	[dashboards]	dashboards/es_loader.go:329	Initialize the Elasticsearch 6.4.0 loader
2018-10-11T10:54:21.231Z	DEBUG	[dashboards]	dashboards/es_loader.go:329	Elasticsearch URL http://172.31.5.176:9200
2018-10-11T10:54:21.231Z	INFO	kibana/client.go:113	Kibana url: http://172.31.5.176:5601
2018-10-11T10:54:21.248Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Initialize the Kibana 6.4.0 loader
2018-10-11T10:54:21.248Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Kibana URL http://172.31.5.176:5601
2018-10-11T10:54:21.248Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Importing directory /usr/share/filebeat/kibana/6
2018-10-11T10:54:21.248Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import directory /usr/share/filebeat/kibana/6
2018-10-11T10:54:21.248Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import index-pattern from /usr/share/filebeat/kibana/6/index-pattern/filebeat.json
2018-10-11T10:54:21.970Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import directory /usr/share/filebeat/kibana/6
2018-10-11T10:54:21.970Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-Kafka-overview.json
2018-10-11T10:54:23.026Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-Mongodb-overview.json
2018-10-11T10:54:24.046Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-Postgresql-overview.json
2018-10-11T10:54:25.066Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-Postgresql-slowlogs.json
2018-10-11T10:54:26.086Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-apache2.json
2018-10-11T10:54:27.075Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-auditd.json
2018-10-11T10:54:28.183Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-auth-sudo-commands.json
2018-10-11T10:54:29.222Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-icinga-debug-log.json
2018-10-11T10:54:30.230Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-icinga-main-log.json
2018-10-11T10:54:31.246Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-icinga-startup-errors.json
2018-10-11T10:54:32.254Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-iis.json
2018-10-11T10:54:33.218Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-logstash-log.json
2018-10-11T10:54:34.282Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-logstash-slowlog.json
2018-10-11T10:54:35.240Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-mysql.json
2018-10-11T10:54:36.265Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-new-users-and-groups.json
2018-10-11T10:54:37.370Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-nginx-logs.json
2018-10-11T10:54:38.427Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-nginx-overview.json
2018-10-11T10:54:39.396Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-redis.json
2018-10-11T10:54:40.404Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-ssh-login-attempts.json
2018-10-11T10:54:41.463Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-syslog.json
2018-10-11T10:54:42.502Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/Filebeat-traefik-overview.json
2018-10-11T10:54:43.504Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/ml-nginx-access-remote-ip-count-explorer.json
2018-10-11T10:54:44.544Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/ml-nginx-remote-ip-url-explorer.json
2018-10-11T10:54:45.550Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/ml-traefik-access-remote-ip-count-explorer.json
2018-10-11T10:54:46.656Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/ml-traefik-remote-ip-url-explorer.json
2018-10-11T10:54:47.659Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/osquery-compliance.json
2018-10-11T10:54:48.676Z	DEBUG	[dashboards]	dashboards/kibana_loader.go:138	Import dashboard from /usr/share/filebeat/kibana/6/dashboard/osquery-rootkit.json
2018-10-11T10:54:49.726Z	INFO	instance/beat.go:659	Kibana dashboards successfully loaded.
2018-10-11T10:54:49.726Z	INFO	instance/beat.go:367	filebeat start running.
2018-10-11T10:54:49.726Z	DEBUG	[registrar]	registrar/registrar.go:114	Registry file set to: /var/lib/filebeat/registry
2018-10-11T10:54:49.726Z	INFO	registrar/registrar.go:134	Loading registrar data from /var/lib/filebeat/registry
2018-10-11T10:54:49.727Z	INFO	registrar/registrar.go:141	States Loaded from registrar: 5
2018-10-11T10:54:49.727Z	INFO	crawler/crawler.go:72	Loading Inputs: 2
2018-10-11T10:54:49.727Z	DEBUG	[processors]	processors/processor.go:66	Processors: 
2018-10-11T10:54:49.727Z	DEBUG	[input]	log/config.go:200	recursive glob enabled
2018-10-11T10:54:49.727Z	DEBUG	[input]	log/input.go:147	exclude_files: [(?-s:.)gz(?-m:$)]. Number of stats: 5
2018-10-11T10:54:49.727Z	DEBUG	[input]	file/states.go:68	New state added for /var/log/secure
2018-10-11T10:54:49.727Z	DEBUG	[registrar]	registrar/registrar.go:267	Starting Registrar
2018-10-11T10:54:49.727Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:49.727Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:49.727Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:49.727Z	DEBUG	[registrar]	registrar/registrar.go:335	Registrar states cleaned up. Before: 5, After: 5, Pending: 0
2018-10-11T10:54:49.727Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:49.728Z	DEBUG	[input]	file/states.go:68	New state added for /var/log/secure-20181007
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:168	input with previous states loaded: 2
2018-10-11T10:54:49.728Z	INFO	log/input.go:138	Configured paths: [/var/log/auth.log* /var/log/secure*]
2018-10-11T10:54:49.728Z	INFO	input/input.go:114	Starting input of type: log; ID: 9440489671594294253 
2018-10-11T10:54:49.728Z	DEBUG	[processors]	processors/processor.go:66	Processors: 
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/config.go:200	recursive glob enabled
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:147	exclude_files: [(?-s:.)gz(?-m:$)]. Number of stats: 5
2018-10-11T10:54:49.728Z	DEBUG	[input]	file/states.go:68	New state added for /var/log/messages
2018-10-11T10:54:49.728Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:54:49.728Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:49.728Z	DEBUG	[input]	file/states.go:68	New state added for /var/log/messages-20181007
2018-10-11T10:54:49.728Z	DEBUG	[input]	log/input.go:168	input with previous states loaded: 2
2018-10-11T10:54:49.728Z	INFO	log/input.go:138	Configured paths: [/var/log/messages* /var/log/syslog*]
2018-10-11T10:54:49.728Z	INFO	input/input.go:114	Starting input of type: log; ID: 7243938024671766992 
2018-10-11T10:54:49.729Z	DEBUG	[cfgfile]	cfgfile/reload.go:109	Checking module configs from: /usr/share/filebeat/modules.d/*.yml
2018-10-11T10:54:49.729Z	DEBUG	[cfgfile]	cfgfile/reload.go:123	Number of module configs found: 0
2018-10-11T10:54:49.729Z	INFO	crawler/crawler.go:106	Loading and starting Inputs completed. Enabled inputs: 2
2018-10-11T10:54:49.729Z	WARN	[cfgwarn]	docker/docker.go:51	BETA: The docker autodiscover is beta
2018-10-11T10:54:49.729Z	DEBUG	[docker]	docker/client.go:46	Negotiating client version
2018-10-11T10:54:49.729Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:49.729Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:54:49.729Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 481463
2018-10-11T10:54:49.729Z	DEBUG	[input]	log/input.go:503	Resuming harvesting of file: /var/log/messages, offset: 481463, new size: 482458
2018-10-11T10:54:49.729Z	DEBUG	[harvester]	log/harvester.go:481	Set previous offset for file: /var/log/messages. Offset: 481463 
2018-10-11T10:54:49.729Z	DEBUG	[harvester]	log/harvester.go:472	Setting offset for file: /var/log/messages. Offset: 481463 
2018-10-11T10:54:49.729Z	DEBUG	[harvester]	log/harvester.go:387	Update state: /var/log/messages, offset: 481463
2018-10-11T10:54:49.729Z	INFO	cfgfile/reload.go:141	Config reloader started
2018-10-11T10:54:49.729Z	DEBUG	[cfgfile]	cfgfile/reload.go:167	Scan for new config files
2018-10-11T10:54:49.729Z	DEBUG	[cfgfile]	cfgfile/reload.go:186	Number of module configs found: 0
2018-10-11T10:54:49.729Z	DEBUG	[reload]	cfgfile/list.go:70	Starting reload procedure, current runners: 0
2018-10-11T10:54:49.729Z	DEBUG	[reload]	cfgfile/list.go:88	Start list: 0, Stop list: 0
2018-10-11T10:54:49.729Z	INFO	cfgfile/reload.go:196	Loading of config files completed.
2018-10-11T10:54:49.730Z	DEBUG	[docker]	docker/client.go:63	Client version set to 1.30
2018-10-11T10:54:49.730Z	DEBUG	[processors]	conditions/conditions.go:93	New condition contains: map[]
2018-10-11T10:54:49.730Z	DEBUG	[docker]	docker/watcher.go:185	Start docker containers scanner
2018-10-11T10:54:49.737Z	DEBUG	[autodiscover]	autodiscover/autodiscover.go:81	Configured autodiscover provider: docker
2018-10-11T10:54:49.737Z	INFO	autodiscover/autodiscover.go:102	Starting autodiscover manager
2018-10-11T10:54:49.737Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:49.737Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:49.737Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:49.737Z	DEBUG	[registrar]	registrar/registrar.go:335	Registrar states cleaned up. Before: 5, After: 5, Pending: 0
2018-10-11T10:54:49.737Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:49.737Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:49.737Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:54:49.737Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:54:49.737Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:54:49.737Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:54:49.737Z	INFO	log/harvester.go:251	Harvester started for file: /var/log/messages
2018-10-11T10:54:49.737Z	DEBUG	[bus]	bus/bus.go:72	docker: map[start:true container:0xc420165e30]
2018-10-11T10:54:49.738Z	DEBUG	[bus]	bus/bus.go:72	docker: map[start:true container:0xc420165ea0]
2018-10-11T10:54:49.738Z	DEBUG	[bus]	bus/bus.go:72	docker: map[start:true container:0xc42017abd0]
2018-10-11T10:54:49.738Z	DEBUG	[bus]	bus/bus.go:72	filebeat: map[config:[0xc42022be60] start:true host:172.17.0.3 port:443 docker:{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}} meta:{"docker":{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}}}]
2018-10-11T10:54:49.738Z	DEBUG	[bus]	bus/bus.go:72	filebeat: map[start:true host:172.17.0.3 port:80 docker:{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}} meta:{"docker":{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}}} config:[0xc4203ee4b0]]
2018-10-11T10:54:49.738Z	DEBUG	[bus]	bus/bus.go:72	filebeat: map[meta:{"docker":{"container":{"id":"d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7","image":"indiepartners/indie-php:7.2","labels":{"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"php","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}},"indiestore":{"php":{"author":"Claude Juif","description":"Provide php-fpm 7.2 and cli","version":"7.2"}}},"maintainer":"claude.juif@gmail.com"},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00/php"}}} start:true host:172.17.0.2 port:9000 docker:{"container":{"id":"d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7","image":"indiepartners/indie-php:7.2","labels":{"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"php","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}},"indiestore":{"php":{"author":"Claude Juif","description":"Provide php-fpm 7.2 and cli","version":"7.2"}}},"maintainer":"claude.juif@gmail.com"},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00/php"}}]
2018-10-11T10:54:49.738Z	DEBUG	[bus]	bus/bus.go:72	filebeat: map[start:true host:ip-172-31-39-176 docker:{"container":{"id":"db53dff0d838c5b0c11d3d024ae713f3f338f9b79d437835321924e0f801e122","image":"amazon/amazon-ecs-agent:latest","labels":{},"name":"ecs-agent"}} meta:{"docker":{"container":{"id":"db53dff0d838c5b0c11d3d024ae713f3f338f9b79d437835321924e0f801e122","image":"amazon/amazon-ecs-agent:latest","labels":{},"name":"ecs-agent"}}}]
2018-10-11T10:54:49.738Z	DEBUG	[autodiscover]	autodiscover/autodiscover.go:161	Got a start event: map[start:true host:172.17.0.3 port:443 docker:{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}} meta:{"docker":{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}}} config:[0xc42022be60]], generated configs: [0xc42022be60]
2018-10-11T10:54:49.738Z	DEBUG	[autodiscover]	autodiscover/autodiscover.go:234	Got a meta field in the event
2018-10-11T10:54:49.738Z	DEBUG	[autodiscover]	cfgfile/list.go:70	Starting reload procedure, current runners: 0
2018-10-11T10:54:49.738Z	DEBUG	[autodiscover]	cfgfile/list.go:88	Start list: 1, Stop list: 0
2018-10-11T10:54:49.741Z	DEBUG	[processors]	processors/processor.go:66	Processors: 
2018-10-11T10:54:49.741Z	DEBUG	[input]	log/config.go:200	recursive glob enabled
2018-10-11T10:54:49.742Z	DEBUG	[input]	log/input.go:147	exclude_files: [(?-s:.)gz(?-m:$)]. Number of stats: 5
2018-10-11T10:54:49.742Z	DEBUG	[input]	log/input.go:168	input with previous states loaded: 0
2018-10-11T10:54:49.742Z	INFO	log/input.go:138	Configured paths: [/var/log/nginx/access.log*]
2018-10-11T10:54:49.742Z	DEBUG	[processors]	processors/processor.go:66	Processors: 
2018-10-11T10:54:49.742Z	DEBUG	[input]	log/config.go:200	recursive glob enabled
2018-10-11T10:54:49.743Z	DEBUG	[input]	log/input.go:147	exclude_files: [(?-s:.)gz(?-m:$)]. Number of stats: 5
2018-10-11T10:54:49.743Z	DEBUG	[input]	log/input.go:168	input with previous states loaded: 0
2018-10-11T10:54:49.743Z	INFO	log/input.go:138	Configured paths: [/var/log/nginx/error.log*]
2018-10-11T10:54:49.743Z	DEBUG	[autodiscover]	cfgfile/list.go:109	Starting runner: nginx (access, error)
2018-10-11T10:54:49.743Z	INFO	elasticsearch/client.go:163	Elasticsearch url: http://172.31.5.176:9200
2018-10-11T10:54:49.743Z	DEBUG	[elasticsearch]	elasticsearch/client.go:688	ES Ping(url=http://172.31.5.176:9200)
2018-10-11T10:54:49.746Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.737Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "prospector": {
    "type": "log"
  },
  "beat": {
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1",
    "name": "ip-172-31-39-176"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "source": "/var/log/messages",
  "offset": 481463,
  "message": "Oct 11 10:44:49 ip-172-31-39-176 dhclient[2228]: XMT: Solicit on eth0, interval 118680ms.",
  "tags": [
    "nodb"
  ],
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "input": {
    "type": "log"
  }
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.737Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "offset": 481553,
  "prospector": {
    "type": "log"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "source": "/var/log/messages",
  "message": "Oct 11 10:46:48 ip-172-31-39-176 dhclient[2228]: XMT: Solicit on eth0, interval 119750ms.",
  "tags": [
    "nodb"
  ],
  "input": {
    "type": "log"
  },
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "host": {
    "name": "ip-172-31-39-176"
  }
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.737Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "tags": [
    "nodb"
  ],
  "input": {
    "type": "log"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "prospector": {
    "type": "log"
  },
  "message": "Oct 11 10:48:29 ip-172-31-39-176 dhclient[2125]: DHCPREQUEST on eth0 to 172.31.32.1 port 67 (xid=0x428ef5ee)",
  "source": "/var/log/messages",
  "offset": 481643,
  "fileset": {
    "name": "syslog",
    "module": "system"
  }
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.737Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "prospector": {
    "type": "log"
  },
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "input": {
    "type": "log"
  },
  "beat": {
    "version": "6.4.1",
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176"
  },
  "source": "/var/log/messages",
  "offset": 481752,
  "message": "Oct 11 10:48:29 ip-172-31-39-176 dhclient[2125]: DHCPACK from 172.31.32.1 (xid=0x428ef5ee)",
  "tags": [
    "nodb"
  ]
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.747Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "tags": [
    "nodb"
  ],
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "source": "/var/log/messages",
  "message": "Oct 11 10:48:29 ip-172-31-39-176 dhclient[2125]: bound to 172.31.39.176 -- renewal in 1507 seconds.",
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "offset": 481843
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.747Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "offset": 481943,
  "tags": [
    "nodb"
  ],
  "input": {
    "type": "log"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "message": "Oct 11 10:48:29 ip-172-31-39-176 ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/interfaces/macs/0a:9b:72:a2:1a:58/local-ipv4s",
  "source": "/var/log/messages",
  "prospector": {
    "type": "log"
  },
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "host": {
    "name": "ip-172-31-39-176"
  }
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.747Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "offset": 482103,
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "source": "/var/log/messages",
  "message": "Oct 11 10:48:29 ip-172-31-39-176 ec2net: [rewrite_aliases] Rewriting aliases of eth0",
  "tags": [
    "nodb"
  ],
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "host": {
    "name": "ip-172-31-39-176"
  }
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.747Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "prospector": {
    "type": "log"
  },
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "source": "/var/log/messages",
  "offset": 482188,
  "message": "Oct 11 10:48:48 ip-172-31-39-176 dhclient[2228]: XMT: Solicit on eth0, interval 126040ms.",
  "tags": [
    "nodb"
  ],
  "input": {
    "type": "log"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  }
}
2018-10-11T10:54:49.747Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.747Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "input": {
    "type": "log"
  },
  "prospector": {
    "type": "log"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "source": "/var/log/messages",
  "offset": 482278,
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "message": "Oct 11 10:50:54 ip-172-31-39-176 dhclient[2228]: XMT: Solicit on eth0, interval 118280ms.",
  "tags": [
    "nodb"
  ]
}
2018-10-11T10:54:49.747Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:54:49.749Z	DEBUG	[elasticsearch]	elasticsearch/client.go:711	Ping status code: 200
2018-10-11T10:54:49.750Z	INFO	elasticsearch/client.go:712	Connected to Elasticsearch version 6.4.0
2018-10-11T10:54:49.750Z	DEBUG	[modules]	fileset/pipelines.go:45	Required processors: [{user_agent ingest-user-agent} {geoip ingest-geoip}]
2018-10-11T10:54:49.750Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_nodes/ingest  <nil>
2018-10-11T10:54:49.751Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:49.751Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:49.751Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:49.751Z	DEBUG	[registrar]	registrar/registrar.go:335	Registrar states cleaned up. Before: 5, After: 5, Pending: 0
2018-10-11T10:54:49.751Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:49.751Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:49.752Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_ingest/pipeline/filebeat-6.4.1-nginx-access-default  <nil>
2018-10-11T10:54:49.754Z	DEBUG	[modules]	fileset/pipelines.go:71	Pipeline filebeat-6.4.1-nginx-access-default already loaded
2018-10-11T10:54:49.754Z	DEBUG	[modules]	fileset/pipelines.go:45	Required processors: []
2018-10-11T10:54:49.754Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_ingest/pipeline/filebeat-6.4.1-nginx-error-pipeline  <nil>
2018-10-11T10:54:49.755Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:49.755Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:49.755Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:49.755Z	DEBUG	[registrar]	registrar/registrar.go:335	Registrar states cleaned up. Before: 5, After: 5, Pending: 0
2018-10-11T10:54:49.755Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:49.756Z	DEBUG	[modules]	fileset/pipelines.go:71	Pipeline filebeat-6.4.1-nginx-error-pipeline already loaded
2018-10-11T10:54:49.756Z	INFO	input/input.go:114	Starting input of type: log; ID: 1124017295137584035 
2018-10-11T10:54:49.756Z	INFO	input/input.go:114	Starting input of type: log; ID: 17869331228610529110 
2018-10-11T10:54:49.756Z	DEBUG	[autodiscover]	autodiscover/autodiscover.go:161	Got a start event: map[start:true host:172.17.0.3 port:80 docker:{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}} meta:{"docker":{"container":{"id":"39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5","image":"indiepartners/nginx:0.1.3","labels":{"co":{"elastic":{"logs":{"fileset":{"stderr":"error","stdout":"access"},"module":"nginx"}}},"com":{"amazonaws":{"ecs":{"cluster":"awseb-staging-nodb-kvszembwzy","container-name":"nginx","task-arn":"arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5","task-definition-family":"awseb-staging-nodb-kvszembwzy","task-definition-version":"27"}}},"maintainer":"claude.juif@gmail.com","net":{"vudunet":{"nginx":{"author":"Claude Juif","description":"Nginx Server based on debian buster with support for various upstream","version":"0.1.3"}}}},"name":"ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00"}}} config:[0xc4203ee4b0]], generated configs: [0xc4203ee4b0]
2018-10-11T10:54:49.756Z	DEBUG	[autodiscover]	autodiscover/autodiscover.go:234	Got a meta field in the event
2018-10-11T10:54:49.756Z	DEBUG	[autodiscover]	autodiscover/autodiscover.go:181	Config &{{<nil> } <nil> 0xc420227fc0} is already running
2018-10-11T10:54:49.756Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:49.756Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:54:49.756Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:49.756Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:54:49.758Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:49.758Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:49.758Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:49.758Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:49.761Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:50.746Z	INFO	pipeline/output.go:95	Connecting to backoff(elasticsearch(http://172.31.5.176:9200))
2018-10-11T10:54:50.746Z	DEBUG	[elasticsearch]	elasticsearch/client.go:688	ES Ping(url=http://172.31.5.176:9200)
2018-10-11T10:54:50.748Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:54:50.750Z	DEBUG	[elasticsearch]	elasticsearch/client.go:711	Ping status code: 200
2018-10-11T10:54:50.750Z	INFO	elasticsearch/client.go:712	Connected to Elasticsearch version 6.4.0
2018-10-11T10:54:50.750Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	HEAD http://172.31.5.176:9200/_template/filebeat-6.4.1  <nil>
2018-10-11T10:54:50.753Z	INFO	template/load.go:129	Template already exists and will not be overwritten.
2018-10-11T10:54:50.753Z	DEBUG	[modules]	fileset/pipelines.go:45	Required processors: []
2018-10-11T10:54:50.753Z	DEBUG	[fileset]	fileset/fileset.go:220	Comparing ES version 6.4.0 with requirement of 6.1.0
2018-10-11T10:54:50.753Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_ingest/pipeline/filebeat-6.4.1-system-auth-pipeline  <nil>
2018-10-11T10:54:50.754Z	DEBUG	[modules]	fileset/pipelines.go:71	Pipeline filebeat-6.4.1-system-auth-pipeline already loaded
2018-10-11T10:54:50.754Z	DEBUG	[modules]	fileset/pipelines.go:45	Required processors: []
2018-10-11T10:54:50.755Z	DEBUG	[fileset]	fileset/fileset.go:220	Comparing ES version 6.4.0 with requirement of 6.1.0
2018-10-11T10:54:50.755Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_ingest/pipeline/filebeat-6.4.1-system-syslog-pipeline  <nil>
2018-10-11T10:54:50.756Z	DEBUG	[modules]	fileset/pipelines.go:71	Pipeline filebeat-6.4.1-system-syslog-pipeline already loaded
2018-10-11T10:54:50.756Z	DEBUG	[modules]	fileset/pipelines.go:45	Required processors: [{user_agent ingest-user-agent} {geoip ingest-geoip}]
2018-10-11T10:54:50.756Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_nodes/ingest  <nil>
2018-10-11T10:54:50.758Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_ingest/pipeline/filebeat-6.4.1-nginx-access-default  <nil>
2018-10-11T10:54:50.760Z	DEBUG	[modules]	fileset/pipelines.go:71	Pipeline filebeat-6.4.1-nginx-access-default already loaded
2018-10-11T10:54:50.760Z	DEBUG	[modules]	fileset/pipelines.go:45	Required processors: []
2018-10-11T10:54:50.760Z	DEBUG	[elasticsearch]	elasticsearch/client.go:730	GET http://172.31.5.176:9200/_ingest/pipeline/filebeat-6.4.1-nginx-error-pipeline  <nil>
2018-10-11T10:54:50.762Z	DEBUG	[modules]	fileset/pipelines.go:71	Pipeline filebeat-6.4.1-nginx-error-pipeline already loaded
2018-10-11T10:54:50.762Z	INFO	pipeline/output.go:105	Connection to backoff(elasticsearch(http://172.31.5.176:9200)) established
2018-10-11T10:54:50.775Z	DEBUG	[elasticsearch]	elasticsearch/client.go:321	PublishEvents: 9 events have been published to elasticsearch in 13.724436ms.
2018-10-11T10:54:50.776Z	DEBUG	[memqueue]	memqueue/ackloop.go:160	ackloop: receive ack [0: 0, 9]
2018-10-11T10:54:50.776Z	DEBUG	[memqueue]	memqueue/eventloop.go:535	broker ACK events: count=9, start-seq=1, end-seq=9

2018-10-11T10:54:50.776Z	DEBUG	[memqueue]	memqueue/ackloop.go:128	ackloop: return ack to broker loop:9
2018-10-11T10:54:50.776Z	DEBUG	[memqueue]	memqueue/ackloop.go:131	ackloop:  done send ack
2018-10-11T10:54:50.776Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 9}
2018-10-11T10:54:50.776Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 9 events
2018-10-11T10:54:50.776Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 9
2018-10-11T10:54:50.776Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:50.779Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:51.223Z	INFO	[monitoring]	log/log.go:141	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":10,"time":{"ms":18}},"total":{"ticks":70,"time":{"ms":83},"value":70},"user":{"ticks":60,"time":{"ms":65}}},"info":{"ephemeral_id":"dfbc0c28-23ed-4fdb-b93d-c5fd5d754230","uptime":{"ms":30012}},"memstats":{"gc_next":4432864,"memory_alloc":3296272,"memory_total":13142312,"rss":23416832}},"filebeat":{"events":{"added":14,"done":14},"harvester":{"open_files":1,"running":1,"started":1}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"events":{"acked":9,"batches":1,"total":9},"read":{"bytes":4363},"type":"elasticsearch","write":{"bytes":6193}},"pipeline":{"clients":4,"events":{"active":0,"filtered":5,"published":9,"retry":9,"total":14},"queue":{"acked":9}}},"registrar":{"states":{"current":5,"update":14},"writes":{"success":6,"total":6}},"system":{"cpu":{"cores":1},"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}
2018-10-11T10:54:51.427Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_create: /bin/sh -c /ping.sh 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_create: /bin/sh -c /ping.sh {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00 net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream co.elastic.logs.module:nginx image:indiepartners/nginx:0.1.3 co.elastic.logs.fileset.stderr:error com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-version:27 net.vudunet.nginx.author:Claude Juif co.elastic.logs.fileset.stdout:access com.amazonaws.ecs.container-name:nginx execID:8e584dc9af58fc182740020a7a8585c17c526e88b983fdad7129702e71489d24 maintainer:claude.juif@gmail.com net.vudunet.nginx.version:0.1.3 com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy]} local 1539255291 1539255291426563272}
2018-10-11T10:54:51.427Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_start: /bin/sh -c /ping.sh 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_start: /bin/sh -c /ping.sh {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[co.elastic.logs.fileset.stdout:access net.vudunet.nginx.author:Claude Juif com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy image:indiepartners/nginx:0.1.3 com.amazonaws.ecs.task-definition-version:27 maintainer:claude.juif@gmail.com co.elastic.logs.fileset.stderr:error co.elastic.logs.module:nginx com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream net.vudunet.nginx.version:0.1.3 com.amazonaws.ecs.container-name:nginx execID:8e584dc9af58fc182740020a7a8585c17c526e88b983fdad7129702e71489d24 name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00]} local 1539255291 1539255291426687617}
2018-10-11T10:54:51.500Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_die 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_die {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[co.elastic.logs.fileset.stderr:error com.amazonaws.ecs.container-name:nginx exitCode:0 net.vudunet.nginx.author:Claude Juif com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 image:indiepartners/nginx:0.1.3 co.elastic.logs.fileset.stdout:access com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 maintainer:claude.juif@gmail.com net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream co.elastic.logs.module:nginx execID:8e584dc9af58fc182740020a7a8585c17c526e88b983fdad7129702e71489d24 name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00 net.vudunet.nginx.version:0.1.3]} local 1539255291 1539255291499982660}
2018-10-11T10:54:51.508Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_create: /bin/sh -c /ping.sh d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_create: /bin/sh -c /ping.sh {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[execID:7794f5d75dd185744a9564904d6f9a401386408fd21089b9d68b4f61a3645122 name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500 com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.author:Claude Juif com.indiestore.php.description:Provide php-fpm 7.2 and cli com.indiestore.php.version:7.2 image:indiepartners/indie-php:7.2 com.amazonaws.ecs.container-name:php maintainer:claude.juif@gmail.com]} local 1539255291 1539255291507961536}
2018-10-11T10:54:51.508Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_start: /bin/sh -c /ping.sh d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_start: /bin/sh -c /ping.sh {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.indiestore.php.author:Claude Juif com.indiestore.php.description:Provide php-fpm 7.2 and cli image:indiepartners/indie-php:7.2 com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.version:7.2 execID:7794f5d75dd185744a9564904d6f9a401386408fd21089b9d68b4f61a3645122 maintainer:claude.juif@gmail.com name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500]} local 1539255291 1539255291508083841}
2018-10-11T10:54:51.581Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_die d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_die {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.indiestore.php.description:Provide php-fpm 7.2 and cli com.indiestore.php.version:7.2 execID:7794f5d75dd185744a9564904d6f9a401386408fd21089b9d68b4f61a3645122 maintainer:claude.juif@gmail.com name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500 com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.author:Claude Juif exitCode:0 image:indiepartners/indie-php:7.2]} local 1539255291 1539255291580697288}
2018-10-11T10:54:52.748Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:54:52.748Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:49.747Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "source": "/var/log/messages",
  "message": "Oct 11 10:52:53 ip-172-31-39-176 dhclient[2228]: XMT: Solicit on eth0, interval 119180ms.",
  "tags": [
    "nodb"
  ],
  "offset": 482368,
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  }
}
2018-10-11T10:54:53.748Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:54:53.754Z	DEBUG	[elasticsearch]	elasticsearch/client.go:321	PublishEvents: 1 events have been published to elasticsearch in 5.641638ms.
2018-10-11T10:54:53.754Z	DEBUG	[memqueue]	memqueue/ackloop.go:160	ackloop: receive ack [1: 0, 1]
2018-10-11T10:54:53.754Z	DEBUG	[memqueue]	memqueue/eventloop.go:535	broker ACK events: count=1, start-seq=10, end-seq=10

2018-10-11T10:54:53.754Z	DEBUG	[memqueue]	memqueue/ackloop.go:128	ackloop: return ack to broker loop:1
2018-10-11T10:54:53.754Z	DEBUG	[memqueue]	memqueue/ackloop.go:131	ackloop:  done send ack
2018-10-11T10:54:53.754Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:53.754Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:53.754Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:53.754Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:53.758Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:55.749Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:54:57.748Z	DEBUG	[multiline]	multiline/multiline.go:174	Multiline event flushed because timeout reached.
2018-10-11T10:54:57.748Z	DEBUG	[publish]	pipeline/processor.go:308	Publish event: {
  "@timestamp": "2018-10-11T10:54:52.748Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "6.4.1",
    "pipeline": "filebeat-6.4.1-system-syslog-pipeline"
  },
  "message": "Oct 11 10:54:52 ip-172-31-39-176 dhclient[2228]: XMT: Solicit on eth0, interval 117780ms.",
  "tags": [
    "nodb"
  ],
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "fileset": {
    "name": "syslog",
    "module": "system"
  },
  "beat": {
    "name": "ip-172-31-39-176",
    "hostname": "ip-172-31-39-176",
    "version": "6.4.1"
  },
  "host": {
    "name": "ip-172-31-39-176"
  },
  "source": "/var/log/messages",
  "offset": 482458
}
2018-10-11T10:54:58.766Z	DEBUG	[elasticsearch]	elasticsearch/client.go:321	PublishEvents: 1 events have been published to elasticsearch in 17.250788ms.
2018-10-11T10:54:58.766Z	DEBUG	[memqueue]	memqueue/ackloop.go:160	ackloop: receive ack [2: 0, 1]
2018-10-11T10:54:58.766Z	DEBUG	[memqueue]	memqueue/eventloop.go:535	broker ACK events: count=1, start-seq=11, end-seq=11

2018-10-11T10:54:58.766Z	DEBUG	[memqueue]	memqueue/ackloop.go:128	ackloop: return ack to broker loop:1
2018-10-11T10:54:58.766Z	DEBUG	[memqueue]	memqueue/ackloop.go:131	ackloop:  done send ack
2018-10-11T10:54:58.766Z	DEBUG	[acker]	beater/acker.go:64	stateful ack	{"count": 1}
2018-10-11T10:54:58.766Z	DEBUG	[registrar]	registrar/registrar.go:345	Processing 1 events
2018-10-11T10:54:58.766Z	DEBUG	[registrar]	registrar/registrar.go:315	Registrar state updates processed. Count: 1
2018-10-11T10:54:58.766Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:54:58.769Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:54:59.729Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:54:59.729Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:54:59.738Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 482548
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:546	Harvester for file is still running: /var/log/messages
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:54:59.738Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:54:59.749Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:54:59.756Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:54:59.756Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:59.756Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:54:59.756Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:54:59.756Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:54:59.756Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:07.749Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:55:09.729Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:09.729Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:55:09.730Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:09.738Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 482548
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:546	Harvester for file is still running: /var/log/messages
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:55:09.738Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:09.756Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:09.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:09.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:09.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:09.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:09.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:17.749Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:55:19.730Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:55:19.730Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:19.739Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 482548
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:546	Harvester for file is still running: /var/log/messages
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:55:19.739Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:19.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:19.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:19.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:19.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:19.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:19.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:21.222Z	INFO	[monitoring]	log/log.go:141	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":20,"time":{"ms":3}},"total":{"ticks":90,"time":{"ms":10},"value":90},"user":{"ticks":70,"time":{"ms":7}}},"info":{"ephemeral_id":"dfbc0c28-23ed-4fdb-b93d-c5fd5d754230","uptime":{"ms":60012}},"memstats":{"gc_next":4194304,"memory_alloc":2197112,"memory_total":14026136,"rss":323584}},"filebeat":{"events":{"added":2,"done":2},"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":2,"batches":2,"total":2},"read":{"bytes":682},"write":{"bytes":1464}},"pipeline":{"clients":4,"events":{"active":0,"published":2,"total":2},"queue":{"acked":2}}},"registrar":{"states":{"current":5,"update":2},"writes":{"success":2,"total":2}},"system":{"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}
2018-10-11T10:55:21.506Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_create: /bin/sh -c /ping.sh 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_create: /bin/sh -c /ping.sh {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[net.vudunet.nginx.version:0.1.3 com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00 co.elastic.logs.fileset.stderr:error com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 maintainer:claude.juif@gmail.com net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream net.vudunet.nginx.author:Claude Juif co.elastic.logs.fileset.stdout:access co.elastic.logs.module:nginx com.amazonaws.ecs.container-name:nginx execID:b508cb6a9a9b1883e0497b2f03871a39a9a0bd2c083cf88cd1fb7e6ba32e0332 image:indiepartners/nginx:0.1.3]} local 1539255321 1539255321505654574}
2018-10-11T10:55:21.506Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_start: /bin/sh -c /ping.sh 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_start: /bin/sh -c /ping.sh {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 execID:b508cb6a9a9b1883e0497b2f03871a39a9a0bd2c083cf88cd1fb7e6ba32e0332 co.elastic.logs.fileset.stdout:access co.elastic.logs.module:nginx com.amazonaws.ecs.container-name:nginx name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00 net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream net.vudunet.nginx.version:0.1.3 com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy maintainer:claude.juif@gmail.com net.vudunet.nginx.author:Claude Juif co.elastic.logs.fileset.stderr:error image:indiepartners/nginx:0.1.3]} local 1539255321 1539255321505779214}
2018-10-11T10:55:21.576Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_die 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_die {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[com.amazonaws.ecs.container-name:nginx exitCode:0 net.vudunet.nginx.version:0.1.3 co.elastic.logs.fileset.stderr:error co.elastic.logs.fileset.stdout:access net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream co.elastic.logs.module:nginx com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 maintainer:claude.juif@gmail.com net.vudunet.nginx.author:Claude Juif com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy execID:b508cb6a9a9b1883e0497b2f03871a39a9a0bd2c083cf88cd1fb7e6ba32e0332 image:indiepartners/nginx:0.1.3 name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00]} local 1539255321 1539255321575302885}
2018-10-11T10:55:21.586Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_create: /bin/sh -c /ping.sh d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_create: /bin/sh -c /ping.sh {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500 com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy execID:e60d4a6a289aee986cf87f07ad2ce36af0742696ee5b5f811ba04fc8635a19eb maintainer:claude.juif@gmail.com com.indiestore.php.description:Provide php-fpm 7.2 and cli com.indiestore.php.version:7.2 image:indiepartners/indie-php:7.2 com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.author:Claude Juif]} local 1539255321 1539255321586242140}
2018-10-11T10:55:21.586Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_start: /bin/sh -c /ping.sh d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_start: /bin/sh -c /ping.sh {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[com.indiestore.php.author:Claude Juif com.indiestore.php.version:7.2 image:indiepartners/indie-php:7.2 maintainer:claude.juif@gmail.com com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-version:27 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.indiestore.php.description:Provide php-fpm 7.2 and cli execID:e60d4a6a289aee986cf87f07ad2ce36af0742696ee5b5f811ba04fc8635a19eb name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500 com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.container-name:php]} local 1539255321 1539255321586365739}
2018-10-11T10:55:21.657Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_die d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_die {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.author:Claude Juif image:indiepartners/indie-php:7.2 name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500 com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.indiestore.php.description:Provide php-fpm 7.2 and cli com.indiestore.php.version:7.2 execID:e60d4a6a289aee986cf87f07ad2ce36af0742696ee5b5f811ba04fc8635a19eb exitCode:0 maintainer:claude.juif@gmail.com]} local 1539255321 1539255321656341160}
2018-10-11T10:55:27.750Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:55:29.730Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:29.730Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:55:29.731Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:29.739Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 482548
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:546	Harvester for file is still running: /var/log/messages
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:55:29.739Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:29.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:29.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:29.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:29.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:29.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:29.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:37.750Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:55:39.731Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:55:39.731Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:39.739Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 482548
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:546	Harvester for file is still running: /var/log/messages
2018-10-11T10:55:39.740Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:39.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:39.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:39.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:39.757Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:39.757Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:39.757Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:47.750Z	DEBUG	[harvester]	log/log.go:102	End of file reached: /var/log/messages; Backoff now.
2018-10-11T10:55:49.731Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:49.731Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure, offset: 616251
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/secure-20181007
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/secure-20181007, offset: 207557
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/secure-20181007
2018-10-11T10:55:49.732Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:49.740Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages, offset: 482548
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:546	Harvester for file is still running: /var/log/messages
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:404	Check file for harvesting: /var/log/messages-20181007
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:494	Update existing file for harvesting: /var/log/messages-20181007, offset: 503032
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:548	File didn't change: /var/log/messages-20181007
2018-10-11T10:55:49.740Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 2, After: 2, Pending: 0
2018-10-11T10:55:49.758Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:49.758Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:49.758Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:49.758Z	DEBUG	[input]	input/input.go:152	Run input
2018-10-11T10:55:49.758Z	DEBUG	[input]	log/input.go:174	Start next scan
2018-10-11T10:55:49.758Z	DEBUG	[input]	log/input.go:195	input states cleaned up. Before: 0, After: 0, Pending: 0
2018-10-11T10:55:51.222Z	INFO	[monitoring]	log/log.go:141	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":20,"time":{"ms":2}},"total":{"ticks":90,"time":{"ms":7},"value":90},"user":{"ticks":70,"time":{"ms":5}}},"info":{"ephemeral_id":"dfbc0c28-23ed-4fdb-b93d-c5fd5d754230","uptime":{"ms":90012}},"memstats":{"gc_next":4194304,"memory_alloc":2658472,"memory_total":14487496,"rss":258048}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":4,"events":{"active":0}}},"registrar":{"states":{"current":5}},"system":{"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}
2018-10-11T10:55:51.582Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_create: /bin/sh -c /ping.sh 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_create: /bin/sh -c /ping.sh {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[co.elastic.logs.module:nginx com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream com.amazonaws.ecs.container-name:nginx execID:b62f8670a62277977ad29e8fed3928b29e72fab5afb447b0b9c8291f0219efe1 image:indiepartners/nginx:0.1.3 net.vudunet.nginx.version:0.1.3 co.elastic.logs.fileset.stderr:error co.elastic.logs.fileset.stdout:access com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 maintainer:claude.juif@gmail.com name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00 net.vudunet.nginx.author:Claude Juif]} local 1539255351 1539255351581473030}
2018-10-11T10:55:51.582Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_start: /bin/sh -c /ping.sh 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_start: /bin/sh -c /ping.sh {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[net.vudunet.nginx.version:0.1.3 co.elastic.logs.fileset.stderr:error image:indiepartners/nginx:0.1.3 net.vudunet.nginx.author:Claude Juif execID:b62f8670a62277977ad29e8fed3928b29e72fab5afb447b0b9c8291f0219efe1 co.elastic.logs.module:nginx com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 maintainer:claude.juif@gmail.com co.elastic.logs.fileset.stdout:access com.amazonaws.ecs.container-name:nginx name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00]} local 1539255351 1539255351581599153}
2018-10-11T10:55:51.651Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_die 39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 indiepartners/nginx:0.1.3 container exec_die {39bed0a383ef7f823abaebc157b196425f461733029d6a5ed98a21559beb7ba5 map[com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 net.vudunet.nginx.author:Claude Juif net.vudunet.nginx.description:Nginx Server based on debian buster with support for various upstream exitCode:0 maintainer:claude.juif@gmail.com name:ecs-awseb-staging-nodb-kvszembwzy-27-nginx-d099abdceee0cbd14d00 co.elastic.logs.fileset.stderr:error co.elastic.logs.module:nginx com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.container-name:nginx com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy execID:b62f8670a62277977ad29e8fed3928b29e72fab5afb447b0b9c8291f0219efe1 image:indiepartners/nginx:0.1.3 net.vudunet.nginx.version:0.1.3 co.elastic.logs.fileset.stdout:access com.amazonaws.ecs.task-definition-version:27]} local 1539255351 1539255351650705911}
2018-10-11T10:55:51.662Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_create: /bin/sh -c /ping.sh d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_create: /bin/sh -c /ping.sh {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.indiestore.php.author:Claude Juif com.indiestore.php.version:7.2 image:indiepartners/indie-php:7.2 maintainer:claude.juif@gmail.com com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.description:Provide php-fpm 7.2 and cli execID:a3e02f74cebed1a8791222f86bf1a2108d9f710170e96ca8dd7f6b0aea70a746 name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500]} local 1539255351 1539255351662010190}
2018-10-11T10:55:51.662Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_start: /bin/sh -c /ping.sh d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_start: /bin/sh -c /ping.sh {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy execID:a3e02f74cebed1a8791222f86bf1a2108d9f710170e96ca8dd7f6b0aea70a746 image:indiepartners/indie-php:7.2 maintainer:claude.juif@gmail.com com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27 com.indiestore.php.author:Claude Juif com.indiestore.php.description:Provide php-fpm 7.2 and cli com.indiestore.php.version:7.2 name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500]} local 1539255351 1539255351662132516}
2018-10-11T10:55:51.732Z	DEBUG	[docker]	docker/watcher.go:239	Got a new docker event: {exec_die d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 indiepartners/indie-php:7.2 container exec_die {d85e4a40649c4ab5f08f4257be6e478f6ef5889650d3c55900642b42265c34a7 map[execID:a3e02f74cebed1a8791222f86bf1a2108d9f710170e96ca8dd7f6b0aea70a746 image:indiepartners/indie-php:7.2 name:ecs-awseb-staging-nodb-kvszembwzy-27-php-aeefa18cfde2d3941500 com.amazonaws.ecs.container-name:php com.amazonaws.ecs.task-arn:arn:aws:ecs:us-east-2:755364648631:task/3700c5fb-8c14-46f1-a1b2-d547697fe3e5 com.indiestore.php.author:Claude Juif com.indiestore.php.description:Provide php-fpm 7.2 and cli com.indiestore.php.version:7.2 exitCode:0 maintainer:claude.juif@gmail.com com.amazonaws.ecs.cluster:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-family:awseb-staging-nodb-kvszembwzy com.amazonaws.ecs.task-definition-version:27]} local 1539255351 1539255351730551929}
2018-10-11T10:55:56.445Z	DEBUG	[service]	service/service.go:51	Received sigterm/sigint, stopping
2018-10-11T10:55:56.445Z	INFO	beater/filebeat.go:437	Stopping filebeat
2018-10-11T10:55:56.445Z	INFO	[autodiscover]	cfgfile/list.go:126	Stopping 1 runners ...
2018-10-11T10:55:56.445Z	DEBUG	[autodiscover]	cfgfile/list.go:137	Stopping runner: nginx (access, error)
2018-10-11T10:55:56.445Z	INFO	input/input.go:149	input ticker stopped
2018-10-11T10:55:56.445Z	INFO	input/input.go:167	Stopping Input: 1124017295137584035
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:148	client: closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:150	client: done closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:154	client: cancelled 0 events
2018-10-11T10:55:56.445Z	INFO	input/input.go:149	input ticker stopped
2018-10-11T10:55:56.445Z	INFO	input/input.go:167	Stopping Input: 17869331228610529110
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:148	client: closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:150	client: done closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:154	client: cancelled 0 events
2018-10-11T10:55:56.445Z	DEBUG	[autodiscover]	cfgfile/list.go:139	Stopped runner: nginx (access, error)
2018-10-11T10:55:56.445Z	INFO	autodiscover/autodiscover.go:259	Stopped autodiscover manager
2018-10-11T10:55:56.445Z	INFO	crawler/crawler.go:139	Stopping Crawler
2018-10-11T10:55:56.445Z	INFO	crawler/crawler.go:149	Stopping 2 inputs
2018-10-11T10:55:56.445Z	INFO	cfgfile/reload.go:199	Dynamic config reloader stopped
2018-10-11T10:55:56.445Z	INFO	input/input.go:149	input ticker stopped
2018-10-11T10:55:56.445Z	INFO	input/input.go:167	Stopping Input: 9440489671594294253
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:148	client: closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:150	client: done closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:154	client: cancelled 0 events
2018-10-11T10:55:56.445Z	INFO	input/input.go:149	input ticker stopped
2018-10-11T10:55:56.445Z	INFO	input/input.go:167	Stopping Input: 7243938024671766992
2018-10-11T10:55:56.445Z	DEBUG	[multiline]	multiline/multiline.go:145	Multiline event flushed because timeout reached.
2018-10-11T10:55:56.445Z	INFO	log/harvester.go:272	Reader was closed: /var/log/messages. Closing.
2018-10-11T10:55:56.445Z	DEBUG	[harvester]	log/harvester.go:507	Stopping harvester for file: /var/log/messages
2018-10-11T10:55:56.445Z	DEBUG	[harvester]	log/harvester.go:517	Closing file: /var/log/messages
2018-10-11T10:55:56.445Z	DEBUG	[harvester]	log/harvester.go:387	Update state: /var/log/messages, offset: 482548
2018-10-11T10:55:56.445Z	DEBUG	[harvester]	log/harvester.go:528	harvester cleanup finished for file: /var/log/messages
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:148	client: closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:150	client: done closing acker
2018-10-11T10:55:56.445Z	DEBUG	[publish]	pipeline/client.go:154	client: cancelled 0 events
2018-10-11T10:55:56.445Z	INFO	crawler/crawler.go:165	Crawler stopped
2018-10-11T10:55:56.445Z	INFO	registrar/registrar.go:356	Stopping Registrar
2018-10-11T10:55:56.445Z	INFO	registrar/registrar.go:282	Ending Registrar
2018-10-11T10:55:56.445Z	DEBUG	[registrar]	registrar/registrar.go:400	Write registry file: /var/lib/filebeat/registry
2018-10-11T10:55:56.449Z	DEBUG	[registrar]	registrar/registrar.go:393	Registry file updated. 5 states written.
2018-10-11T10:55:56.450Z	INFO	[monitoring]	log/log.go:149	Total non-zero metrics	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":20,"time":{"ms":23}},"total":{"ticks":90,"time":{"ms":102},"value":90},"user":{"ticks":70,"time":{"ms":79}}},"info":{"ephemeral_id":"dfbc0c28-23ed-4fdb-b93d-c5fd5d754230","uptime":{"ms":95240}},"memstats":{"gc_next":4194304,"memory_alloc":2817048,"memory_total":14646072,"rss":23998464}},"filebeat":{"events":{"added":16,"done":16},"harvester":{"closed":1,"open_files":0,"running":0,"started":1}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"events":{"acked":11,"batches":3,"total":11},"read":{"bytes":5045},"type":"elasticsearch","write":{"bytes":7657}},"pipeline":{"clients":0,"events":{"active":0,"filtered":5,"published":11,"retry":9,"total":16},"queue":{"acked":11}}},"registrar":{"states":{"current":5,"update":16},"writes":{"success":9,"total":9}},"system":{"cpu":{"cores":1},"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}
2018-10-11T10:55:56.450Z	INFO	[monitoring]	log/log.go:150	Uptime: 1m35.241318273s
2018-10-11T10:55:56.450Z	INFO	[monitoring]	log/log.go:127	Stopping metrics logging.
2018-10-11T10:55:56.450Z	INFO	instance/beat.go:373	filebeat stopped.