Graylog Server not receiving messages from sidecar

I’ve been trying to set up a Graylog Server and Sidecar in a Linux VM environment for school for weeks now and no messages are getting through. I’ve followed different tutorials, the step-by-step guides, nothing is working and I’m not getting any error messages saying that something is wrong. I’ve created new VMs to try and fix the problem with different IP addresses and nothing. I’m working in CentOS 8 with sidecar version 1.1.0-1 and server version 3.2.6.

As for the configuration, nothing seems to be out of place, and if there was anything out of place I’m getting no error messages suggesting so. I just need help seeing what the problem is.

I’m using Filebeat on Linux with the configuration:

#Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- input_type: log
  paths:
  - /var/log/*.log
  type: log
output.logstash:
 hosts: ["greylog-server-ip:5044"]
path:
 data: /var/lib/graylog-sidecar/collectors/filebeat/data
 logs: /var/lib/graylog-sidecar/collectors/filebeat/log

Local Input Configuration:

Syslog UDP [running]
allow_override_date: true
bind_address: 0.0.0.0
expand_structured_data: false
force_rdns: false
number_worker_threads: 1
override_source: <empty>
port: 1514
recv_buffer_size: 262144
store_full_message: false

Sidecar Configuration:

server_url: "http://[ip-address]:9000/api/"
server_api_token: "[token]"
update_inverval: 10
tls_skip_verify: true
send_status: true
list_log_files: []
cache_path: "/var/cache/graylog-sidecar"
log_path: "/var/log/graylog-sidecar"

Server Configuration:

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = [pwgen -N 1 -s 96]
root_username = [username]
root_password_sha2 = [hashed password]
root_timezone = UTC
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin

http_bind_address = [ip address]:9000

  • Does the sidecar show up in your list of sidecars on the Graylog server?

  • If it does, did you assign the configuration to it?

  • Your configuration is going to port 5044, which is a “Beats” input port, but you are listing a “Syslog UDP” input, which has a port of 1514… Two ships sailing in the night right there!

Check this area for logs on the machine where sidecar is installed; sidecar is usually pretty good about kicking out what it sees as an issue. One thing to note is that yml files are very sensitive to spacing and indentation… the log files usually complain about that if it’s an issue so you don’t have to guess…

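Added example, not part of the original thread or of Graylog's own tooling: a small Python check for the mismatch described in the reply above, comparing the Filebeat `output.logstash` targets with the inputs listed on the server. The sample data is constructed in the shape posted in the question; the host name `graylog.example.internal` and the assumption that a Beats input is listed with a title starting with "Beats" are placeholders.

```python
import re

# Constructed sample data, in the shape of the configuration posted in this thread.
FILEBEAT_CONF = """\
output.logstash:
 hosts: ["graylog.example.internal:5044"]
"""
INPUT_LISTING = """\
Syslog UDP [running]
bind_address: 0.0.0.0
port: 1514
"""

def beats_targets(conf):
    """Return (host, port) pairs from the hosts list under output.logstash."""
    m = re.search(r"^output\.logstash:\s+hosts:\s*\[(.*?)\]", conf, re.M)
    if not m:
        return []
    targets = []
    for item in m.group(1).split(","):
        host, sep, port = item.strip().strip("\"'").rpartition(":")
        # Filebeat uses port 5044 when the host entry carries no port.
        targets.append((host, int(port)) if sep else (port, 5044))
    return targets

def parse_input(listing):
    """Parse a 'Title [state]' line followed by 'key: value' lines."""
    lines = [l.strip() for l in listing.splitlines() if l.strip()]
    title, state = re.match(r"(.+?)\s*\[(\w+)\]$", lines[0]).groups()
    fields = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    return {"type": title, "state": state, "port": int(fields["port"])}

def check(conf, listings):
    """One finding per Filebeat target that no running Beats input listens for."""
    inputs = [parse_input(l) for l in listings]
    findings = []
    for host, port in beats_targets(conf):
        # Assumption: a Beats input appears with a title starting with "Beats".
        ok = any(i["type"].startswith("Beats") and i["state"] == "running"
                 and i["port"] == port for i in inputs)
        if not ok:
            seen = ", ".join(f'{i["type"]} on {i["port"]}' for i in inputs) or "none"
            findings.append(f"{host}:{port} has no running Beats input (inputs: {seen})")
    return findings

if __name__ == "__main__":
    for finding in check(FILEBEAT_CONF, [INPUT_LISTING]):
        print(finding)
```
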
