Hello Everyone!
I am a new Jr. Sysadmin and I recently started setting up Graylog. No experience with using/setting up logging systems. Great Graylog documentation I understand a lot and I think I know the problem just not sure and where.
My sidecar does not show in the web UI I create the input for a file beat on linux and I point to the correct certs and follow the guide. The web UI shows the Beat input as running but when I go to sidecar overview I do not see anything. When I check systemctl status graylog-sidecar I get
graylog-sidecar[7937]: time=“2020-05-19T13:11:10-04:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https:/192.168.2.61:9000/api/sidecars/0f0f51fe-119b-4504a9: dial tcp 192.168.2.61:9000: connect: connection refused"
Currently running a single Node Centos8 with the recommended MongoDB and Elasticsearch versions.
The Graylog server is running behind an nginx reverse proxy.
server
{
listen 443 ssl http2;
server_name log1.domain.com;
ssl_certificate /etc/ssl/certs/Wildcard.crt;
ssl_certificate_key /etc/ssl/certs/WildcardKey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL https://$server_name/;
proxy_pass http:/127.0.0.1:9000;
}
}
My graylog server conf is basically the default, http_bind_address = 127.0.0.1:9000. I did follow the guide on creating the sha2 password and the secret password.
My sidecar.yml is basic as well.
server_url: “https:/192.168.2.61:9000/api/”
server_api_token: “bunch of characters”
node_id: “file:/etc/graylog/sidecar/node-id”
Not sure where to go from here, I have been searching for similar issues and I think it is something to do with where I am running reverse proxy in single node relating to the addresses and the api.
**Note I took out an / in the earlier code pieces to make the post.