Graylog 3.2 sidecar collector/filebeat errors

Hello Everyone!

I am a new Jr. Sysadmin and I recently started setting up Graylog. No experience with using/setting up logging systems. Great Graylog documentation I understand a lot and I think I know the problem just not sure and where.

My sidecar does not show in the web UI I create the input for a file beat on linux and I point to the correct certs and follow the guide. The web UI shows the Beat input as running but when I go to sidecar overview I do not see anything. When I check systemctl status graylog-sidecar I get

graylog-sidecar[7937]: time=“2020-05-19T13:11:10-04:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https:/192.168.2.61:9000/api/sidecars/0f0f51fe-119b-4504a9: dial tcp 192.168.2.61:9000: connect: connection refused"

Currently running a single Node Centos8 with the recommended MongoDB and Elasticsearch versions.

The Graylog server is running behind an nginx reverse proxy.

server
{
listen 443 ssl http2;
server_name log1.domain.com;
ssl_certificate /etc/ssl/certs/Wildcard.crt;
ssl_certificate_key /etc/ssl/certs/WildcardKey.pem;
ssl_protocols TLSv1.2 TLSv1.3;

location /
{
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Graylog-Server-URL https://$server_name/;
  proxy_pass       http:/127.0.0.1:9000;
}

}

My graylog server conf is basically the default, http_bind_address = 127.0.0.1:9000. I did follow the guide on creating the sha2 password and the secret password.

My sidecar.yml is basic as well.

server_url: “https:/192.168.2.61:9000/api/”

server_api_token: “bunch of characters”

node_id: “file:/etc/graylog/sidecar/node-id”

Not sure where to go from here, I have been searching for similar issues and I think it is something to do with where I am running reverse proxy in single node relating to the addresses and the api.

**Note I took out an / in the earlier code pieces to make the post.

you need to configure the log1.domain.com as server_uri in your sidecar configuration.

Thanks for responding! I added log1.domain.com as the server_uri in the sidecar config. Restarted the sider and server status.

The error changed a bit to:

May 20 10:47:46 Log1 graylog-sidecar[10624]: time=“2020-05-20T10:47:46-04:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://log1.domain.com:9000/api/sidecars/0f0f51fe-119b-4507-b4a1-b75d495404a9: dial tcp 192.168.2.61:9000: connect: connection refused"

Double checked and port 9000/tcp is open on the server.

server_url is https:/log1.domain.com/api/ without :9000
Use this in your sidecar config.

1 Like

Thanks! that done it, idk why I added port 9000.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.