Hi Guys,
I installed graylog collector sidecar on my client machine which should send logs to my Graylog server. Moreover I installed below plugins in my plugin folder (on server):
… and after that I restarted graylog container (yep, I’m using docker)
However in web browser there is no “Collectors” section in “System” menu. Do you have any idea why? Should I wait a bit longer? Maybe install something more? Kindly please for your support!
The Graylog Collector plugin is installed by default and it shouldn’t be necessary to install it manually.
How did you install Graylog?
What’s the configuration of Graylog?
What files are in your plugins directory?
What’s in the logs of your Graylog node?
You’re right. When I wrote “installed” I meant that I copied jar file to /srv/graylog/plugin:
[root@monitor-host ~]# ls -l /srv/graylog/plugin/
total 192
-rw-r--r--. 1 root root 27028 Jul 7 14:12 graylog-plugin-beats-2.2.3.jar
-rw-r--r--. 1 root root 115405 Jul 7 14:40 graylog-plugin-collector-2.2.3.jar
-rw-r--r--. 1 root root 47876 Jun 22 12:35 graylog-plugin-input-jmx-1.0.2-SNAPSHOT.jar
This should work, I used jmx plugin without any doubts.
I installed graylog as container in docker. I Installed it:
sudo docker pull graylog2/graylog
docker-compose up -d
Node logs are (I suppose that you asked about http://[ip.of.graylog.server]:9000/system/nodes/33b3adfb-xxxx-xxxx-xxxx-df330d770797
Lifecycle state: Running
Marked as ALIVE for load balancers
Processing 0 incoming and 0 outgoing msg/s.
Installed plugins: Collector, Elastic Beats Input, JMXInput
Configuration is stored in docker-compose.yml file:
[root@monitor-host graylog]# cat docker-compose.yml
version: '2'
services:
mongo:
image: "mongo:3"
volumes:
- /srv/graylog/data/mongo:/data/db
restart: always
networks:
- graylog
elasticsearch:
image: "elasticsearch:2"
command: "elasticsearch -Des.cluster.name='graylog'"
volumes:
- /srv/graylog/data/elasticsearch:/usr/share/elasticsearch/data
restart: always
ports:
- "9200:9200"
networks:
- graylog
graylog:
image: graylog2/server:2.2.3-1
volumes:
- /srv/graylog/data/journal:/usr/share/graylog/data/journal
- /srv/graylog/config:/usr/share/graylog/data/config
- /srv/graylog/plugin:/usr/share/graylog/plugin
environment:
GRAYLOG_PASSWORD_SECRET: secretpasswd
GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4blablablabla4bb8a81f6f2ab448a918
GRAYLOG_WEB_ENDPOINT_URI: http://[ip.of.graylog.server]:9000/api
depends_on:
- mongo
- elasticsearch
ports:
- "465:465"
- "9000:9000"
- "9200:9200/udp"
- "12201:12201/udp"
- "12200:12200/udp"
- "1514:1514/udp"
- "5044:5044"
- "5045:5045/udp"
restart: always
networks:
- graylog
grafana:
image: grafana/grafana
restart: always
ports:
- "3002:3000"
depends_on:
- elasticsearch
networks:
- graylog
networks:
graylog:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.21.0.0/16Is the plugin listed in the logs of your Graylog node on startup?
Could you try running the Graylog container without the JMX plugin to rule out any incompatibilities?
Also, are there any error messages in the logs of your Graylog node or in the Developer Console of your web browser?
I tried to erase other plugins. Now in my plugin folder I have only:
graylog-plugin-beats-2.2.3.jar
graylog-plugin-collector-2.2.3.jar
However after restarting my container I have in System menu only:
Overview
Configurations
Nodes
Inputs
Outputs
Indices
Logging
Authentication
Content Packs
Grok Patterns
I’ve got no error logs - every container works fine, GraylogWEB->System->Overview - no errors.
Moreover from my client machine I’ve got this sidecar status:
INFO[0000] Using collector-id: f78bbc7b-5f61-45c7-acff-b1c30cc84fea
INFO[0000] Fetching configurations tagged by: [apache]
INFO[0000] Starting signal distributor
INFO[0000] [filebeat] Starting (exec driver)
ERRO[0001] [filebeat] Backend finished unexpectedly, trying to restart 1/3.
INFO[0001] [filebeat] Stopping
INFO[0003] [filebeat] Starting (exec driver)
ERRO[0004] [filebeat] Backend finished unexpectedly, trying to restart 2/3.
INFO[0004] [filebeat] Stopping
INFO[0006] [filebeat] Starting (exec driver)
ERRO[0007] [filebeat] Backend finished unexpectedly, trying to restart 3/3.
INFO[0007] [filebeat] Stopping
INFO[0009] [filebeat] Starting (exec driver)
INFO[0010] [RequestConfiguration] No configuration found for configured tags!
ERRO[0010] [filebeat] Unable to start collector after 3 tries, giving up!
INFO[0020] [RequestConfiguration] No configuration found for configured tags!
INFO[0030] [RequestConfiguration] No configuration found for configured tags!What’s in the logs of the Graylog node?
Are there any errors in the Developer Console of your web browser?
Logs were ok. In DC there are no errors.
However I copied to plugin folder some additional plugins.
[root@monitor-host graylog]$ ls -l /srv/graylog/plugin
total 18788
-rw-r--r--. 1 root root 27030 Apr 4 12:38 graylog-plugin-beats-2.2.3.jar
-rw-r--r--. 1 root root 2936453 Apr 4 12:37 graylog-plugin-collector-2.2.3.jar
-rw-r--r--. 1 root root 4133067 Apr 4 12:38 graylog-plugin-enterprise-integration-2.2.3.jar
-rw-r--r--. 1 root root 47876 Jun 22 11:48 graylog-plugin-input-jmx-1.0.2-SNAPSHOT.jar
-rw-r--r--. 1 root root 6497687 Apr 4 12:35 graylog-plugin-map-widget-2.2.3.jar
-rw-r--r--. 1 root root 5582963 Apr 4 12:36 graylog-plugin-pipeline-processor-2.2.3.jar
Maybe some of them were responsible for make collectors section visible. I don’t know, but it works… Any idea why? Nevertheless problem is solved now.
I’ve got these packages from https://packages.graylog2.org/releases/graylog/graylog-2.2.3.tgz (plugin folder). By the way when I delete all jars but not beats, collector and jmx, Collector section is still visible. When I delete graylog-plugin-collector-2.2.3.jar, restart docker and copied again graylog-plugin-collector-2.2.3.jar and again restart - Collector is invisible. I need to copy all of these jars again and delete all until in plugin folder will be these three jars - beats, collector and jmx. Then it’s ok. Creepy issue.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.