Description of your problem
I am trying to connect Graylog Sidecar (version 1.1.0-1) on an Azure SQL Managed Instance server to our Graylog server. I followed the instructions (Graylog Sidecar - Graylog Sidecar) but when I attempt to run `"C:\Program Files\graylog\sidecar\graylog-sidecar.exe" -service install` I receive one of the following errors:
If public IP address is used:
`time="2021-11-16T14:16:14Z" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put "http://[public ip]:9000/api/sidecars/86a2c07e-9b74-426f-af30-8dbedd7e9bc3": dial tcp [public ip]:9000: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."`
If private IP address is used:
`time="2021-11-16T14:13:32Z" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put "http://[private ip]:9000/api/sidecars/86a2c07e-9b74-426f-af30-8dbedd7e9bc3": EOF"`
At this point I’m stumped on what to try next to resolve this issue. I’ve looked into other Graylog Community threads on this exact issue but found no solution to this.
Below is the sidecar.yml file:
```yaml
# The URL to the Graylog server API.
# Default: "http://127.0.0.1:9000/api/"
server_url: "http://[private ip]:9000/api/"
# The API token to use to authenticate against the Graylog server API.
# Default: none
server_api_token: "mso53nr3vi1id42ege46pmgggff5u6qjqcr24160gemn7e0bkm0"
# The node ID of the sidecar. This can be a path to a file or an ID string.
# If set to a file and the file doesn't exist, the sidecar will generate a
# unique ID and write it to the configured path.
#
# Example file path: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
# Example ID string: "6033137e-d56b-47fc-9762-cd699c11a5a9"
#
# ATTENTION: Every sidecar instance needs a unique ID!
#
# Default: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
#node_id: "b20c8480-0cd9-43b7-afcf-9212d536ac47"
# The node name of the sidecar. If this is empty, the sidecar will use the
# hostname of the host it is running on.
# Default: ""
node_name: ""
# The update interval in seconds. This configures how often the sidecar will
# contact the Graylog server for keep-alive and configuration update requests.
# Default: 10
update_interval: 10
# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: false
# This enables/disables the transmission of detailed sidecar information like
# collector statuses, metrics and log file lists. It can be disabled to reduce
# load on the Graylog server if needed. (disables some features in the server UI)
# Default: true
send_status: true
# A list of directories to scan for log files. The sidecar will scan each
# directory for log files and submits them to the server on each update.
#
# Example:
# list_log_files:
# - "/var/log/nginx"
# - "/opt/app/logs"
#
# Default: empty list
list_log_files:
  - "C:\\Program Files\\Microsoft SQL Server\\MSSQL13.MSSQLSERVER\\MSSQL\\Log"
# Directory where the sidecar stores internal data.
#cache_path: "C:\\Program Files\\Graylog\\sidecar\\cache"
# Directory where the sidecar stores logs for collectors and the sidecar itself.
#log_path: "C:\\Program Files\\Graylog\\sidecar\\logs"
# The maximum size of the log file before it gets rotated.
#log_rotate_max_file_size: "10MiB"
# The maximum number of old log files to retain.
#log_rotate_keep_files: 10
# Directory where the sidecar generates configurations for collectors.
#collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"
# A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the access list feature.
# Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
# Example:
# collector_binaries_accesslist:
# - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
# - "C:\\Program Files\\Filebeat\\filebeat.exe"
#
# Example disable access listing:
# collector_binaries_accesslist: []
#
# Default:
collector_binaries_accesslist:
# - "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
  - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
# - "C:\\Program Files\\Filebeat\\filebeat.exe"
# - "C:\\Program Files\\Packetbeat\\packetbeat.exe"
# - "C:\\Program Files\\Metricbeat\\metricbeat.exe"
# - "C:\\Program Files\\Heartbeat\\heartbeat.exe"
# - "C:\\Program Files\\Auditbeat\\auditbeat.exe"
# - "C:\\Program Files (x86)\\nxlog\\nxlog.exe"
```
The sidecar is not showing up on the Graylog web console so something is stopping it connecting but I can’t see what.
If anyone could recommend some next steps it would really help!
Description of steps you’ve taken to attempt to solve the issue
- Tried switching server url to be both private and public server ip.
- Tried generating new server api token in case previous had a problem with it.
- Tried inputting node-id myself instead of using given default.
- Added firewall rule to SQL Server to allow outbound ports 5044 and 9000 and checked Graylog server allows inbound same ports.
- Can ping/telnet between servers so uncertain whether it could be networking issue
- Tried jumping ahead of this step by using `graylog_sidecar_installer_1.1.0-1.exe /S -SERVERURL=http://[private ip]:9000/api -APITOKEN=mso53nr3vi1id42ege46pmgggff5u6qjqcr24160gemn7e0bkm0` and then starting the graylog-sidecar service, but it just fills sidecar logs with the same above errors.
Operating system information
- Linux (redhat 7.9)
Package versions
- Graylog v4.1.6
- Elasticsearch v6.8.18
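
The two log lines in the post are error strings from Go's net/http client: the first fails during the TCP dial, while `EOF` means the TCP connection was established and the peer closed it before sending any HTTP response. The Go probe below is an added example, not part of the original post or of the Sidecar code, that separates those cases; `classify`, `probe` and `hangUp` are hypothetical names, and the local hang-up peer is constructed so the demo runs offline.

```go
package main
import (
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// classify (hypothetical helper) maps a Go net/http client error to the stage that failed.
func classify(err error) string {
	var op *net.OpError
	switch {
	case err == nil:
		return "http-ok"
	case errors.As(err, &op) && op.Op == "dial" && op.Timeout():
		return "dial-timeout" // TCP handshake never completed
	case errors.As(err, &op) && op.Op == "dial":
		return "dial-failed" // for example, connection refused
	case errors.Is(err, io.EOF):
		return "eof-after-connect" // TCP up, peer closed before any HTTP reply
	}
	return "other"
}

// probe sends one GET; the timeout sits on the dialer so a handshake timeout stays a dial error.
func probe(url string, timeout time.Duration) (string, error) {
	tr := &http.Transport{DialContext: (&net.Dialer{Timeout: timeout}).DialContext}
	resp, err := (&http.Client{Transport: tr, Timeout: 2 * timeout}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return classify(err), err
}

// hangUp starts a constructed local peer that reads the request and closes without replying.
func hangUp() string {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		if c, _, err := w.(http.Hijacker).Hijack(); err == nil {
			c.Close()
		}
	}))
	return srv.URL + "/api/"
}

func main() {
	fmt.Println(probe(hangUp(), 2*time.Second))
}
```

To test a real endpoint, pass its API base URL to `probe` instead of `hangUp()`; an `eof-after-connect` result points at whatever answers on that port rather than at packet filtering.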