Installing sidecar


(baim23) #1

Hi, I am new to Graylog.
I am trying to install sidecar for services that are not covered by syslog, like Apache.
I just want to know exactly what must be installed on the host and on the server, because I have tried to read http://docs.graylog.org/en/2.5/pages/collector_sidecar.html and I think I don't really know how to install it.

root@wiki:~# systemctl status graylog-sidecar
● graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-06 15:37:51 WIB; 48s ago
Process: 31298 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
Main PID: 31298 (code=exited, status=1/FAILURE)

Feb 06 15:37:51 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.
root@wiki:~# systemctl start graylog-sidecar


#2

Which graylog version do you use?
What’s inside your OS logs? Why the service doesn’t start?

//GL sidecar is only a “management” tool, which collects the config from GL and puts the config into a backend, e.g. nxlog, logbeats…


(baim23) #3

I'm using version 2.5.

Is this what you mean?

tail -100 /var/log/syslog
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Service hold-off time over, scheduling restart.
Feb 6 16:41:59 wiki systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 6 16:41:59 wiki systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 6 16:41:59 wiki graylog-sidecar[31732]: time=“2019-02-06T16:41:59+07:00” level=fatal msg=“No API token was configured.”
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Main process exited, code=exited, status=1/FAILURE
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Unit entered failed state.
Feb 6 16:41:59 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.

These are the steps I followed to install sidecar on the host:
http://docs.graylog.org/en/2.5/pages/collector_sidecar.html
Install sidecar package
Download the package: https://github.com/Graylog2/collector-sidecar/releases
sudo dpkg -i collector-sidecar_0.0.9-1_amd64.deb

Edit /etc/graylog/sidecar/sidecar.yml, set at least the correct URL to your Graylog server and proper tags. The tags are used to define which configurations the host should receive. ( /etc/graylog/collector-sidecar/collector_sidecar.yml)

Install and start the service

        sudo systemctl start graylog-sidecar (sudo systemctl start collector-sidecar)

Install the NXLog backend

* Download the package from https://nxlog.co/products/nxlog-community-edition/download
* I just installed it with dpkg -i
* sudo /etc/init.d/nxlog stop (there is no nxlog in init)
  sudo update-rc.d -f nxlog remove
  sudo gpasswd -a nxlog adm
  sudo chown -R nxlog.nxlog /var/spool/collector-sidecar/nxlog
* Edit /etc/graylog/collector-sidecar/collector_sidecar.yml accordingly and register the Sidecar as a service:

sudo graylog-collector-sidecar -service install
sudo systemctl start collector-sidecar

(Just like repeating the first step, I think)

Configuration

server_url: http://10.0.2.2:9000/api/
update_interval: 30
tls_skip_verify: true
send_status: true
list_log_files:
  - /var/log
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - linux
  - apache
  - redis
backends:
  - name: nxlog
    enabled: true
    binary_path: /usr/bin/nxlog
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf

(this path does not exist in my directory) so I changed it to
/etc/nxlog/nxlog.conf

First start
ps -h -o comm -p 1 (not known command)


#4

What do you think this line means?

And what will happen if you put this message into the community’s search function?

https://community.graylog.org/search?q=No%20API%20token%20was%20configured

As I see, I got some solutions for your problem.
Please link your favorite solution for the future.


(Jan Doberstein) #5

sudo dpkg -i collector-sidecar_0.0.9-1_amd64.deb

Actually, that ancient sidecar version does not work with 2.5 - you need to use at least 0.1.7, which can be found in the Graylog upgrade and release notes.


(baim23) #6

Sorry, I downloaded graylog-sidecar_1.0.0-1.rc.1_amd64.deb and I ran

sudo dpkg -i graylog-sidecar_1.0.0-1.rc.1_amd64.deb


(baim23) #7

OK, thanks, I'll do my best next time.


(Jan Doberstein) #8

graylog-sidecar_1.0.0-1.rc.1_amd64.deb

That version is not compatible with your Graylog version. Please read carefully what version is needed.


#9

Maybe I’m on another planet.
I use sidecar 0.0.9 on Windows with HTTP communication behind a frontend proxy, and it is working well with 2.5.1.
But I know, it should not work.


(baim23) #10

Thanks,
I have installed sidecar version 0.1.8, following this step by step:

Install the NXLog package from the official download page. Because the Sidecar takes control of stopping and starting NXlog it’s necessary to stop all running instances of NXlog and deconfigure the default system service. Afterwards we can install and setup the Sidecar:

sudo /etc/init.d/nxlog stop
sudo update-rc.d -f nxlog remove
sudo gpasswd -a nxlog adm
sudo chown -R nxlog.nxlog /var/spool/collector-sidecar/nxlog
sudo dpkg -i collector-sidecar_0.0.9-1_amd64.deb

Edit /etc/graylog/collector-sidecar/collector_sidecar.yml accordingly and register the Sidecar as a service:

sudo graylog-collector-sidecar -service install

[Ubuntu 14.04 with Upstart]
sudo start collector-sidecar

[Ubuntu 16.04 with Systemd]
sudo systemctl start collector-sidecar

and I tested

systemctl status graylog-sidecar

All ran well, but my nxlog failed, so I reinstalled nxlog, with dpkg --purge remove first.

After the installation nxlog runs well, but now graylog-sidecar has failed, why?

graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2019-02-07 09:40:05 WIB; 12s ago
Process: 7041 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
Main PID: 7041 (code=exited, status=1/FAILURE)
Feb 07 09:40:05 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.

May I reinstall again? If it's looping, until when?
Please help.

tail -50 / /var/log/syslog
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Service hold-off time over, scheduling restart.
Feb 7 09:46:06 wiki systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 7 09:46:06 wiki systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 7 09:46:06 wiki graylog-sidecar[7071]: time=“2019-02-07T09:46:06+07:00” level=fatal msg=“No API token was configured.”
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Main process exited, code=exited, status=1/FAILURE
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Unit entered failed state.
Feb 7 09:46:06 wiki systemd[1]: graylog-sidecar.service: Failed with result ‘exit-code’.


(baim23) #11

This is the config /etc/graylog/collector-sidecar/collector_sidecar.yml

server_url: http://myserver:9000/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar  # (nothing)
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - linux
  - apache
backends:
  - name: nxlog
    enabled: false
    binary_path: /usr/bin/nxlog
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf  # (wrong)
    # /etc/nxlog/nxlog.conf (right)
  - name: filebeat
    enabled: true
    binary_path: /usr/bin/filebeat
    configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml  # (nothing)


(Jan Doberstein) #12

When you really want to use nxlog - why did you leave it disabled in the sidecar configuration?

Anyway - is there a reason to use nxlog? I personally would prefer filebeat …


#13

I might be wrong but I think you need to use the 1.x.x version of the ‘sidecar’ binary for the 3.x version of the Graylog server.
You need to generate an API ‘token’ via the web interface of the 3.x Graylog server and insert the token value into the ‘sidecar.yml’ file for ‘server_api_token’
The location of the token generation page is System->Sidecars->Sidecars Overview and the link is called ‘Create or reuse a token for the graylog-sidecar user’ at the top right of the page.
Regards,
Harry W.


#14

Just to clarify, the ‘sidecar’ version 1.x is for the 3.x version of ‘Graylog’ and the ‘sidecar’ version 0.x is for the 2.x version of Graylog. I don’t believe you can mix and match.

Regards,
Harry W.
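
As an added example (not part of the thread and not Graylog's own tooling), a preflight check for a Sidecar 1.x sidecar.yml: it flags the empty `server_api_token` behind the "No API token was configured." error, plus the plain-HTTP `server_url` and `tls_skip_verify: true` settings seen in the configs posted here. The function names and finding codes are made up for this example, and the parser only handles top-level `key: value` lines.

```shell
#!/bin/sh
# Added example, not from the thread: lint a Sidecar 1.x sidecar.yml before starting the service.

# Print the scalar value of a top-level "key: value" line (comments and quotes stripped).
yaml_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
        head -n 1
}

# Print one finding code per line; exit status is 0 only when there are none.
check_sidecar_config() {
    cfg=$1
    findings=""
    [ -r "$cfg" ] || { echo "UNREADABLE"; return 2; }

    token=$(yaml_value "$cfg" server_api_token)
    url=$(yaml_value "$cfg" server_url)
    skip=$(yaml_value "$cfg" tls_skip_verify)

    # Empty or missing token: the service exits with "No API token was configured."
    [ -n "$token" ] || findings="$findings NO_API_TOKEN"
    # Plain HTTP: the API token crosses the network unencrypted.
    case $url in http://*) findings="$findings CLEARTEXT_URL" ;; esac
    # Certificate verification disabled: HTTPS no longer authenticates the server.
    [ "$skip" = "true" ] && findings="$findings TLS_VERIFY_OFF"
    # The file holds a credential, so other users should not be able to read it.
    [ -n "$(find "$cfg" -perm -004 2>/dev/null)" ] && findings="$findings WORLD_READABLE"

    for code in $findings; do echo "$code"; done
    [ -z "$findings" ]
}

# Constructed sample resembling the configs posted in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server_url: http://myserver:9000/api/
server_api_token: ""
tls_skip_verify: true
EOF
check_sidecar_config "$sample" || echo "fix the findings above before starting graylog-sidecar"
rm -f "$sample"
```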


(Tess) #15

Jan said nothing about 0.0.9 not working with 2.5.1, he said that 1.0.0 would not work with 2.5.1 :) The 1.x release is apparently for Graylog 3.x.


#16

@Totally_Not_A_Robot

I reflected to this post.


(Tess) #17

ACK, my bad. Missed that, sorry.


(baim23) #18

I just followed the documentation step by step

http://docs.graylog.org/en/2.5/pages/collector_sidecar.html

The Beats binaries (Filebeat and Winlogeventbeat) are included in the Sidecar package. So I think filebeat is installed automatically.


(Malleswar) #19

Hi,
I have installed sidecar and nxlog on my agent server (where Apache is installed) and I have created inputs and controllers as per the document. But I couldn't see my logs on the Graylog dashboard. I couldn’t see any error in the log.

My configuration:

collector_sidecar.yml:

server_url: http://graylogserverip:port/api/
update_interval: 30
tls_skip_verify: true
send_status: true
list_log_files:
  - /var/log
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - linux
  - apache
backends:
  - name: nxlog
    enabled: true
    binary_path: /usr/bin/nxlog
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf

input:

I have configured the output and input file as well.

Could you please correct me if I am configuring it wrongly? Thanks in advance.


(Malleswar) #20

output snap: