From 8620da85f9586b71643950650ddd2021455e0775 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Date: Tue, 25 Jun 2019 21:33:20 +0200
Subject: [PATCH] Add warning for logging configuration on systemd (#12577)
 (#12662)

Since 7.0 we add the `-e` flag to all beats from the systemd unit file.
This makes them log to stderr on systems with systemd, which is the
recommended behaviour on these systems, so that local logs are managed by
journald. This creates some confusion, as the added flags make beats
ignore other output settings added to the configuration files.
Add a new warning in the logging configuration page about this.

(cherry picked from commit a6cd5e85cc30fe5296a8a26332e7e78b153b1704)
---
 auditbeat/auditbeat.reference.yml              |  3 +++
 filebeat/filebeat.reference.yml                |  3 +++
 heartbeat/heartbeat.reference.yml              |  3 +++
 journalbeat/journalbeat.reference.yml          |  3 +++
 libbeat/_meta/config.reference.yml             |  3 +++
 libbeat/docs/loggingconfig.asciidoc            | 13 +++++++++++++
 libbeat/docs/shared-systemd.asciidoc           |  4 ++--
 metricbeat/metricbeat.reference.yml            |  3 +++
 packetbeat/packetbeat.reference.yml            |  3 +++
 winlogbeat/winlogbeat.reference.yml            |  3 +++
 x-pack/auditbeat/auditbeat.reference.yml       |  3 +++
 x-pack/filebeat/filebeat.reference.yml         |  3 +++
 x-pack/functionbeat/functionbeat.reference.yml |  3 +++
 x-pack/metricbeat/metricbeat.reference.yml     |  3 +++
 14 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml
index 62412f677317..7c0c0f33b1dc 100644
--- a/auditbeat/auditbeat.reference.yml
+++ b/auditbeat/auditbeat.reference.yml
@@ -1093,6 +1093,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
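Review bot: The added comment `# Send all logging output to stderr. The default is false.` does not mention that the systemd unit starts the Beat with `-e`, which per this commit's description makes it log to stderr and ignore the other output settings in the configuration file. An operator reading only the reference file could configure `logging.to_syslog` or file output and assume logs are retained there, when under systemd they go to journald and follow its retention settings. Consider adding a line such as `# When started by the systemd unit, -e is passed by default and takes precedence over the logging outputs configured here.` The same applies to the identical hunks in the other `*.reference.yml` files and in `libbeat/_meta/config.reference.yml`; if the per-beat files are generated from that libbeat template, changing it there should be enough.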
diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml
index 616b0f76e701..bdbea2834d2f 100644
--- a/filebeat/filebeat.reference.yml
+++ b/filebeat/filebeat.reference.yml
@@ -1804,6 +1804,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml
index a7c7be6677f4..6d6fddd7522f 100644
--- a/heartbeat/heartbeat.reference.yml
+++ b/heartbeat/heartbeat.reference.yml
@@ -1237,6 +1237,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml
index f9ad8dab8d29..51e11bf0ac79 100644
--- a/journalbeat/journalbeat.reference.yml
+++ b/journalbeat/journalbeat.reference.yml
@@ -1033,6 +1033,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/libbeat/_meta/config.reference.yml b/libbeat/_meta/config.reference.yml
index 6491383ac5cb..5a93216a4513 100644
--- a/libbeat/_meta/config.reference.yml
+++ b/libbeat/_meta/config.reference.yml
@@ -981,6 +981,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc
index 62b0577763e2..87a21aa05f3e 100644
--- a/libbeat/docs/loggingconfig.asciidoc
+++ b/libbeat/docs/loggingconfig.asciidoc
@@ -48,6 +48,13 @@ endif::win_only[]
 TIP: In addition to setting logging options in the config file, you can modify
 the logging output configuration from the command line. See
 <<command-line-options>>.
+
+ifndef::win_only[]
+WARNING: When {beatname_uc} is running on a Linux system with systemd, it uses
+by default the `-e` command line option, that makes it write all the logging output
+to stderr so it can be captured by journald. Other outputs are disabled. See
+<<running-with-systemd>> to know more and learn how to change this.
+endif::win_only[]
 endif::serverless[]
 
 ifdef::serverless[]
@@ -77,6 +84,12 @@ You can specify the following options in the `logging` section of the
 +{beatname_lc}.yml+ config file:
 
 ifndef::serverless[]
+[float]
+==== `logging.to_stderr`
+
+When true, writes all logging output to standard error output. This is
+equivalent to using the `-e` command line option.
+
 [float]
 ==== `logging.to_syslog`
 
diff --git a/libbeat/docs/shared-systemd.asciidoc b/libbeat/docs/shared-systemd.asciidoc
index 25f0c08ece6a..cf028b9573f2 100644
--- a/libbeat/docs/shared-systemd.asciidoc
+++ b/libbeat/docs/shared-systemd.asciidoc
@@ -80,8 +80,8 @@ would override `BEAT_LOG_OPTS` to enable debug for Elasticsearch output.
 Environment="BEAT_LOG_OPTS=-e -d elasticsearch"
 ------------------------------------------------
 
-To use settings from the {beatname_uc} file, empty the environment
-variable. For example:
+To change the logging output from the {beatname_uc} configuration file, empty
+the environment variable. For example:
 
 ["source", "systemd", subs="attributes"]
 ------------------------------------------------
diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml
index 55a2f6c8269b..69f46771c5a8 100644
--- a/metricbeat/metricbeat.reference.yml
+++ b/metricbeat/metricbeat.reference.yml
@@ -1691,6 +1691,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml
index 30a3e7ebb0de..c0968075e92e 100644
--- a/packetbeat/packetbeat.reference.yml
+++ b/packetbeat/packetbeat.reference.yml
@@ -1461,6 +1461,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml
index 3e2f4b3f2e3c..d8cf0444dec0 100644
--- a/winlogbeat/winlogbeat.reference.yml
+++ b/winlogbeat/winlogbeat.reference.yml
@@ -1010,6 +1010,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml
index 06409690e8ab..b65bdf2fd71f 100644
--- a/x-pack/auditbeat/auditbeat.reference.yml
+++ b/x-pack/auditbeat/auditbeat.reference.yml
@@ -1128,6 +1128,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
index 22446cc83d8b..a6c3a5d09e9c 100644
--- a/x-pack/filebeat/filebeat.reference.yml
+++ b/x-pack/filebeat/filebeat.reference.yml
@@ -1875,6 +1875,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml
index 6aa338385a5f..885547d4aaa7 100644
--- a/x-pack/functionbeat/functionbeat.reference.yml
+++ b/x-pack/functionbeat/functionbeat.reference.yml
@@ -1126,6 +1126,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false
 
diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml
index 6f25bab81323..96bfd310c945 100644
--- a/x-pack/metricbeat/metricbeat.reference.yml
+++ b/x-pack/metricbeat/metricbeat.reference.yml
@@ -1710,6 +1710,9 @@ setup.kibana:
 # Multiple selectors can be chained.
 #logging.selectors: [ ]
 
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false
+
 # Send all logging output to syslog. The default is false.
 #logging.to_syslog: false