Config file: yaml: line 15: could not find expected ':'\n"

WINDOWS - SIDECAR - WINLOGBEATS

Now, this is quite misleading, as at first you’d think it is about the local sidecar.yml file, but… NO, it is about the sidecar config on the server side:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
   hosts: ["log..ZZZZ.:5144"]
   ssl.verification_mode: full
   
   
   ssl.certificate_authorities:["C:\Program Files\Graylog\Certs\YYYY.crt"]
    ssl.certificate:["C:\Program Files\Graylog\Certs\wildcard.int.XXXX.cloud.pem"]
    ssl.key:"C:\Program Files\Graylog\Certs\pkcs8-encrypted.pem"

path:
   data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
   logs: C:\Program Files\Graylog\sidecar\logs
tags:
 - windows
winlogbeat:
  event_logs:
   - name: Application
   - name: System
   - name: Security

LINE 15 being:

image

I tried to delete the spaces, and extra lines and all…
It does the same.
I am thinking about the wrong indentation maybe for the ‘path:’ meaning…
as this solved the previous 3 other lines, I did the indentation right and then it was ok.

Now I tried all kinds of setups for indentation but still… stuck in this

Cheers

yml files are extremely picky about spaces AND indentation. My first guess is that you need to correct the indentation with the ssl lines…


the error was that I had to double the ''
ssl.certificate_authorities: “C:\Program Files\Graylog\Certs\DigiCertCA.crt”

what tha hell, after this now i get the

dear gods…

going crazy with this :))))

here is a good place to do some comparison on how you have the settings:

your .key ends in .pem - not sure that would work - I am no ssl expert. Make sure to re-post what you currently have… as well as the solution if you find it.

i was tired of sidecar’s sh*it and went for NXlog.

Managed to make it work, over TLS as well.
I can go get drunk now, after 3 weeks of trying to sort out the sidecar way…

hey @adrianrus

I completely understand, YAML files are very, very touchy about indents, spelling along with permissions, etc… to complete that task. TBH once you have GL sidecar running, it's all downhill from there and it comes in handy when you have 500+ devices in an environment.
