Graylog Sidecar not sending data

Description of your problem

Graylog is not receiving Windows Event Logs from Graylog Sidecar.

Description of steps you’ve taken to attempt to solve the issue

  • Sidecar is running as service, restarted
  • Graylog shows “Running” on Sidecars Overview
  • Cleared all Windows logs on endpoint (new log entries are there)
  • Sidecar configtest shows “Config OK”
  • Sidecar log:
time="2021-10-06T18:21:17+02:00" level=info msg="Stopping signal distributor" 
time="2021-10-06T18:21:17+02:00" level=info msg="Starting signal distributor" 
time="2021-10-06T18:21:27+02:00" level=info msg="No configurations assigned to this instance. Skipping configuration request.

Environmental information

  • Graylog 4.0.5+d95b909 on ubuntu_1804
  • Graylog Collector Sidecar version 1.0.2 (4a6d445) [go1.11.13/amd64]

Operating system information

  • Ubuntu 18.04

Package versions

  • Graylog: 4.0.5+d95b909, codename Noir
  • MongoDB: v4.0.22
  • Elasticsearch: 7.11.2

Thanks for hints/help

Looks like you haven’t assigned a configuration to the Windows machine.
Here is the step-by-step guide for sidecar which includes how to assign the configuration.

More specifically it looks like this below… though in this case they are assigning a Filebeat config to a Linux machine. Once you assign it in the Graylog GUI, Graylog will push the configuration to the Windows machine and the service will restart.

On a side note, Elasticsearch is supposed to stay at 7.10 for now (you are at 7.11.2). You may want to pin it at that version so it doesn’t get too far away from you/guidelines.

Thanks, got it working now. I had to stop Graylog for about 3 weeks.
Somehow that config assignment got lost. I think this should not happen.

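A sidecar in the state described in this thread reports “Running” while collecting nothing, so the "No configurations assigned" log line is the signal to check for. The following is an added example, not code from the thread or from Graylog: it parses sidecar log lines and returns the times at which the instance reported having no configuration. The sample log is constructed from the excerpt in the question, and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the sidecar's log format, based on the excerpt in the
# question; the last line lacks its closing quote, as it does there.
SAMPLE_LOG = (
    'time="2021-10-06T18:21:17+02:00" level=info msg="Stopping signal distributor"\n'
    'time="2021-10-06T18:21:17+02:00" level=info msg="Starting signal distributor"\n'
    'time="2021-10-06T18:21:27+02:00" level=info msg="No configurations assigned'
    ' to this instance. Skipping configuration request.\n'
)

# key=bare or key="quoted"; the closing quote is optional so a truncated
# final field is still captured.
FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"?|(\S+))')
NO_CONFIG = "No configurations assigned to this instance"


def parse_line(line):
    """Split one log line into its key/value fields."""
    return {key: bare or quoted for key, quoted, bare in FIELD.findall(line)}


def unassigned_reports(log_text):
    """Return the timestamps at which the sidecar reported no configuration."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields.get("msg", "").startswith(NO_CONFIG):
            continue
        try:
            hits.append(datetime.fromisoformat(fields.get("time", "")))
        except ValueError:
            continue  # matching message but no usable timestamp
    return hits


if __name__ == "__main__":
    for ts in unassigned_reports(SAMPLE_LOG):
        print(f"{ts.isoformat()} sidecar has no configuration assigned")
```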