29 lines
664 B
Text
29 lines
664 B
Text
[float]
|
|
[[ulimit]]
|
|
=== {beatname_uc} fails to watch folders because too many files are open?
|
|
|
|
Because of the way file monitoring is implemented on macOS, you may see a
|
|
warning similar to the following:
|
|
|
|
[source,shell]
|
|
----
|
|
eventreader_fsnotify.go:42: WARN [audit.file] Failed to watch /usr/bin: too many
|
|
open files (check the max number of open files allowed with 'ulimit -a')
|
|
----
|
|
|
|
To resolve this issue, run {beatname_uc} with the `ulimit` set to a larger
|
|
value, for example:
|
|
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
sudo sh -c 'ulimit -n 8192 && ./{beatname_uc} -e
|
|
----
|
|
|
|
Or:
|
|
|
|
["source","sh",subs="attributes"]
|
|
----
|
|
sudo su
|
|
ulimit -n 8192
|
|
./{beatname_lc} -e
|
|
----
|