Closed
Description
At startup we should log details about the system to aid in providing support. This information could help us resolve issues faster because there would be fewer back-and-forths. When logs are provided by the user there wouldn't be a need for questions like "how did you run it", "what OS", "what kind of hardware", "what user were you running as", "are you running in Docker", "what is the machine's local timezone", etc.
For example, at startup we could add a single log line with the system info. We've had similar logging limited to Metricbeat-Windows and it has proven useful when debugging permissions issues.
2017-12-22T01:27:46.710-0500 INFO instance/beat.go:443 Home path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat] Config path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat] Data path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat/data] Logs path: [/Users/akroh/go/src/github.com/elastic/beats/filebeat/logs]
2017-12-22T01:27:46.710-0500 INFO instance/beat.go:450 Beat UUID: 06925eef-4707-40f9-82aa-acfe7903dde9
2017-12-22T01:27:46.715-0500 INFO [beat] instance/beat.go:247 System details {"system": {"cwd":"/Users/akroh/go/src/github.com/elastic/beats/filebeat","containerized":false,"go":{"max_procs":8,"goarch":"amd64","version":"go1.9.2"},"hardware":{"architecture":"x86_64","num_cpu":8,"mem_total_bytes":17179869184},"hostname":"macbook15","host_uptime":1248277710786330,"ip":["127.0.0.1/8","::1/128","fe80::1/64","fe80::c3e:88e:842b:c8a3/64","fe80::ccb5:e0ff:fe00:f61d/64","fe80::1f51:a9d7:378:5b34/64","192.168.137.1/24","fe80::aede:48ff:fe00:1122/64"],"kernel_version":"16.7.0","os":{"type":"darwin","name":"Mac OS X","version":"10.12.6","build":"16G1114"},"process":{"name":"filebeat","pid":21455,"ppid":70792,"exe":"/Users/akroh/go/src/github.com/elastic/beats/filebeat/filebeat","args":["./filebeat","-e"]},"terminal":true,"system_time":"2017-12-22T01:27:46-05:00","timezone":"EST","user":{"name":["akroh","Andrew Kroh"],"group":["staff","everyone","localaccounts","_appserverusr","admin","_appserveradm","_lpadmin","access_bpf","com.apple.sharepoint.group.1","_appstore","_lpoperator","_developer","com.apple.access_ftp","com.apple.access_screensharing","com.apple.access_ssh"],"uid":"501","gid":"20"}}}
2017-12-22T01:27:46.715-0500 INFO instance/beat.go:204 Setup Beat: filebeat; Version: 7.0.0-alpha1
This log message contains:
{
"system": {
"cwd": "/Users/akroh/go/src/github.com/elastic/beats/filebeat",
"containerized": false,
"go": {
"max_procs": 8,
"goarch": "amd64",
"version": "go1.9.2"
},
"hardware": {
"architecture": "x86_64",
"num_cpu": 8,
"mem_total_bytes": 17179869184
},
"hostname": "macbook15",
"host_uptime": 1248277710786330,
"ip": [
"127.0.0.1/8",
"::1/128",
"fe80::1/64",
"fe80::c3e:88e:842b:c8a3/64",
"fe80::ccb5:e0ff:fe00:f61d/64",
"fe80::1f51:a9d7:378:5b34/64",
"192.168.137.1/24",
"fe80::aede:48ff:fe00:1122/64"
],
"kernel_version": "16.7.0",
"os": {
"type": "darwin",
"name": "Mac OS X",
"version": "10.12.6",
"build": "16G1114"
},
"process": {
"name": "filebeat",
"pid": 21455,
"ppid": 70792,
"exe": "/Users/akroh/go/src/github.com/elastic/beats/filebeat/filebeat",
"args": [
"./filebeat",
"-e"
]
},
"terminal": true,
"system_time": "2017-12-22T01:27:46-05:00",
"timezone": "EST",
"user": {
"name": [
"akroh",
"Andrew Kroh"
],
"group": [
"staff",
"everyone",
"localaccounts",
"_appserverusr",
"admin",
"_appserveradm",
"_lpadmin",
"access_bpf",
"com.apple.sharepoint.group.1",
"_appstore",
"_lpoperator",
"_developer",
"com.apple.access_ftp",
"com.apple.access_screensharing",
"com.apple.access_ssh"
],
"uid": "501",
"gid": "20"
}
}
}
On Linux and Windows this will include some additional sections about privileges, capabilities, and seccomp.
...
"capabilities": [
"cap_chown",
"cap_dac_override",
"cap_fowner",
"cap_fsetid",
"cap_kill",
"cap_setgid",
"cap_setuid",
"cap_setpcap",
"cap_net_bind_service",
"cap_net_raw",
"cap_sys_chroot",
"cap_mknod",
"cap_audit_write",
"cap_setfcap"
],
...
"seccomp": {
"mode": "filter",
"no_new_privs": null
},