Hi, I am 3 hours into my first venture into Graylog. Great work on the documentation.
I am trying to have Sidecar-managed Filebeat send log messages to Graylog (2.2.1+4829190). For now, the log files are on the same host as the Graylog server (Ubuntu 16.04).
Graylog UI indicates my collector is “Running”.
But the Filebeat log (/var/log/graylog/collector-sidecar/filebeat) reports the following error and no messages are seen on the UI.

```
2017-03-01T17:27:57-07:00 ERR Connecting error publishing events (retrying): dial tcp 127.0.0.1:5044: getsockopt: connection refused
```
The "[FileBeat] Beats output" Type output is configured with "['127.0.0.1:5044']" for Hosts, with default values otherwise ("Load balancing", "Enable TLS Support" and "Insecure TLS connection" all un-checked; empty string for "CA File", "Cert File" and "Key File").
Nothing appears to be running on port 5044 (looking at other forum questions, it appears Graylog should be listening on that port):

```
ubuntu-16-04@ubuntu1604-VirtualBox:~/logs$ nc -v localhost 9000
Connection to localhost 9000 port [tcp/*] succeeded!
^C
ubuntu-16-04@ubuntu1604-VirtualBox:~/logs$ nc -v localhost 5044
nc: connect to localhost port 5044 (tcp) failed: Connection refused
```
My sidecar configuration (/etc/graylog/collector-sidecar/collector_sidecar.yml) is as follows:

```yaml
server_url: http://127.0.0.1:9000/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
    - linux
    - apache
backends:
    - name: nxlog
      enabled: false
      binary_path: /usr/bin/nxlog
      configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
    - name: filebeat
      enabled: true
      binary_path: /usr/bin/filebeat
      configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml
```
The generated Filebeat config (/etc/graylog/collector-sidecar/generated/filebeat.yml) is:

```yaml
filebeat:
  prospectors:
  - document_type: log
    encoding: plain
    fields:
      gl2_source_collector: 8125ec15-f0fa-4ecd-bf0b-b1d8d2e3f395
    ignore_older: 0
    input_type: log
    paths:
    - /home/ubuntu-16-04/logs/*.log
    scan_frequency: 10s
    tail_files: true
output:
  logstash:
    hosts:
    - 127.0.0.1:5044
path:
  data: /var/cache/graylog/collector-sidecar/filebeat/data
  logs: /var/log/graylog/collector-sidecar
tags:
- linux
- apache
```
/home/ubuntu-16-04/logs has files with content:

```
ubuntu-16-04@ubuntu1604-VirtualBox:~/logs$ pwd
/home/ubuntu-16-04/logs
ubuntu-16-04@ubuntu1604-VirtualBox:~/logs$ find . -iname '*.log' -exec echo "Filename: {}" \; -exec cat {} \;
Filename: ./test.log
hello
test
test
message: INSERT failed (out of disk space)
level: 3 (error)
source: database-host-1
another test
another test
another test
2
2
Filename: ./test1.log
hello
another
Filename: ./test2.log
another test
```
I would appreciate any pointers on what could be wrong. Thanks!!!