I have graylog version 4 on ubuntu and i install sidecare and filebeat in this server. Because i have custom log in other place (/data/log/). I configure sidecare without any problem and filebaet all running as services.
in configure for filebeat i can see it’s running in port 5044. But
nestat -an | gre LISTEN nothing is running in this port.
Hello @Sharzad
This could be multiple issue/s.
We would resolve this a lot quicker if you could show more information.
ok. I configure sidecar and using filebeat to collect log.
all services sidecar and filebeat is running but show nothing in graylog.
this is what i have in sidecar:
server_url: "http://graylog2.test.es:9000/api/"
server_api_token: "<secret>"
tls_skip_verify: true
this is my filebeat:
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/log/*.log
- type: filestream
enabled: true
paths:
- /data/log/*.log
output.elasticsearch:
#Array of hosts to connect to.
hosts: ["graylog2.test.es:9200"]
in my syslog i have
2022-03-02T08:44:43.363232+00:00 graylog2 filebeat[39193]: 2022-03-02T08:44:43.361Z#011INFO#011[file_watcher]#011filestream/fswatch.go:137#011Start next scan
Hello @Sharzad
Thanks for the added info.
Correct me if I’m wrong. You have Graylog server with sidecar installed on it?
Not sure, but I think you mentioned that you can see the sidecar running on the Web UI?
Example:
Is this a message from the GL sidecar?
You’re FileBeat configuration file seams like some missing configurations. Did you configure FileBeat on the Web UI or did you configure FileBeat manually on the Graylog Server?
Example:
Yes correct i have graylog server with sidecar on it because i have custom log under /data/log/.
How to run sidecar on webui?
This message is in my syslog. in sidecar messages are:
time="2022-03-01T11:43:09Z" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://127.0.0.1:9000/api/sidecars/301088e1-d83d-4820-b6bc-13e1eeb61981\": dial tcp 127.0.0.1:9000: connect: connection refused"
And my filebeat is exactly same as your screen. i configure on webUI in graylogserver. I just add my server. and change var/log/.log to /data/log/.log
this is my port status
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 127.0.0.1:9200 :::* LISTEN
tcp6 0 0 ::1:9200 :::* LISTEN
tcp6 0 0 127.0.0.1:9300 :::* LISTEN
tcp6 0 0 ::1:9300 :::* LISTEN
tcp6 0 0 :::4118 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5666 :::* LISTEN
tcp6 0 0 ipv6:9000 :::* LISTEN
as i say before i just change servername and paths: in configuration (and i did it in graylog webui)
i found 2 error in my filebeat/log:
1: directory not found: /usr/share/filebeat/bin/module",“service.name”:“filebeat”,“ecs.version”:“1.6.0” not found
I have only exec. files (filebeat, filebeat-god) under bin folder.
2 - “Failed to connect to backoff(async(tcp://“myip”:5044)): dial tcp “myip”:5044: connect: connection refused”,“service.name”:“filebeat”,“ecs.version”:“1.6.0”}
it working now. I add a input with listen to port 5044. and it working now.Thanks.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.