hi, I just new in graylog,
I try to install sidecar for services that not covered in syslog, like apache.
I just want to know what is exactly must to install host and server. because i have try to read http://docs.graylog.org/en/2.5/pages/collector_sidecar.html and I think im not really know how to install it.
root@wiki:~# systemctl status graylog-sidecar
● graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-06 15:37:51 WIB; 48s ago
Process: 31298 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
Main PID: 31298 (code=exited, status=1/FAILURE)
Feb 06 15:37:51 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.
root@wiki:~# systemctl start graylog-sidecar
tail -100 /var/log/syslog
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Service hold-off time over, scheduling restart.
Feb 6 16:41:59 wiki systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 6 16:41:59 wiki systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 6 16:41:59 wiki graylog-sidecar[31732]: time=“2019-02-06T16:41:59+07:00” level=fatal msg=“No API token was configured.”
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Main process exited, code=exited, status=1/FAILURE
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Unit entered failed state.
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.
edit /etc/graylog/sidecar/sidecar.yml set at least the correct URL to your Graylog server and proper tags. The tags are used to define which configurations the host should receive. ( /etc/graylog/collector-sidecar/collector_sidecar.yml)
install NXlogbackend
*
download package di Download - Nxlog Community Edition
*
im just installing the way dpkg -i
*
sudo /etc/init.d/nxlog stop (di init tidak ada nxlog)
sudo update-rc.d -f nxlog remove
sudo gpasswd -a nxlog adm
sudo chown -R nxlog.nxlog /var/spool/collector-sidecar/nxlog
*
Edit /etc/graylog/collector-sidecar/collector_sidecar.yml accordingly and register the Sidecar as a service:
name: nxlog
enabled: true
binary_path: /usr/bin/nxlog
configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
(this path is nothing in my dir) so i change
/etc/nxlog/nxlog.conf
First start
ps -h -o comm -p 1 (not known command)
actually that ancient sidecar version does not work with 2.5 - you need to use at least 0.1.7 what can be found in the Graylog upgrade and release notes.
maybe I’m on other planet.
I use sidecar 0.0.9 at windows with http communication behind frontend proxy, and working well with 2.5.1.
But I know, it should not work.
thanks,
i have installed sidecar 0.1.8 version and this step by step
Install the NXLog package from the official download page. Because the Sidecar takes control of stopping and starting NXlog it’s necessary to stop all running instances of NXlog and deconfigure the default system service. Afterwards we can install and setup the Sidecar:
$ sudo /etc/init.d/nxlog stop $ sudo update-rc.d -f nxlog remove $ sudo gpasswd -a nxlog adm $ sudo chown -R nxlog.nxlog /var/spool/collector-sidecar/nxlog $ sudo dpkg -i collector-sidecar_0.0.9-1_amd64.deb
Edit /etc/graylog/collector-sidecar/collector_sidecar.yml accordingly and register the Sidecar as a service:
$ sudo graylog-collector-sidecar -service install [Ubuntu 14.04 with Upstart] $ sudo start collector-sidecar [Ubuntu 16.04 with Systemd] $ sudo systemctl start collector-sidecar
and I test
systemctl status graylog-sidecar
all run good, but my nxlog is failed, so I reinstall nxlog with dpkg --purge remove first.
after installation nxlog run well, but now graylog-sidecar is failed, why?
graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2019-02-07 09:40:05 WIB; 12s ago
Process: 7041 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
Main PID: 7041 (code=exited, status=1/FAILURE)
Feb 07 09:40:05 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.
may I reinstall again? if its looping so till when?
please help
tail -50 / /var/log/syslog
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Service hold-off time over, scheduling restart.
Feb 7 09:46:06 wiki systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 7 09:46:06 wiki systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 7 09:46:06 wiki graylog-sidecar[7071]: time=“2019-02-07T09:46:06+07:00” level=fatal msg=“No API token was configured.”
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Main process exited, code=exited, status=1/FAILURE
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Unit entered failed state.
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.
I might be wrong but I think you need to use the 1.x.x version of the ‘sidecar’ binary for the 3.x version of the Graylog server.
You need to generate an API ‘token’ via the web interface of the 3.x Graylog server and insert the token value into the ‘sidecar.yml’ file for ‘server_api_token’
The location of the token generation page is System->Sidecars->Sidecars Overview and the link is called ’ Create or reuse a token for the graylog-sidecar user ’ at the top right of the page.
Regards,
Harry W.
Just clarify, the ‘sidecar’ version 1.x is for the 3.x version of ‘Graylog’ and the ‘sidecar’ version 0.x is for the 2.x version of Graylog. I don’t believe you can mix and match.
Hi,
I have installed sidecar and nxlog on my agent server (where apache is installed) and i have created a inputs and controllers as per the document. But i couldnt see my logs on graylog dashborad. I couldn’t see any error on in log.
The 1.x release is apparently for Graylog 3.x.
