youtubebeat/vendor/github.com/elastic/beats/auditbeat/docs/faq-ulimit.asciidoc

[float]
[[ulimit]]
=== {beatname_uc} fails to watch folders because too many files are open?

Because of the way file monitoring is implemented on macOS, you may see a
warning similar to the following:

[source,shell]
----
eventreader_fsnotify.go:42: WARN [audit.file] Failed to watch /usr/bin: too many
open files (check the max number of open files allowed with 'ulimit -a')
----

To resolve this issue, run {beatname_uc} with the `ulimit` set to a larger
value, for example:

["source","sh",subs="attributes"]
----
sudo sh -c 'ulimit -n 8192 && ./{beatname_uc} -e
----

Or:

["source","sh",subs="attributes"]
----
sudo su
ulimit -n 8192
./{beatname_lc} -e
----
Add generated youtubebeat files 2018-11-18 11:08:38 +01:00			`[float]`
			`[[ulimit]]`
			`=== {beatname_uc} fails to watch folders because too many files are open?`

			`Because of the way file monitoring is implemented on macOS, you may see a`
			`warning similar to the following:`

			`[source,shell]`
			`----`
			`eventreader_fsnotify.go:42: WARN [audit.file] Failed to watch /usr/bin: too many`
			`open files (check the max number of open files allowed with 'ulimit -a')`
			`----`

			To resolve this issue, run {beatname_uc} with the `ulimit` set to a larger
			`value, for example:`

			`["source","sh",subs="attributes"]`
			`----`
			`sudo sh -c 'ulimit -n 8192 && ./{beatname_uc} -e`
			`----`

			`Or:`

			`["source","sh",subs="attributes"]`
			`----`
			`sudo su`
			`ulimit -n 8192`
			`./{beatname_lc} -e`
			`----`