Installing sidecar

input file:

image

You make your postings unreadable.

I can’t help you because I do not understand what you have done and what is not working.

Could you please correct me if I am configuring wrongly?

  • The word “admin” in the private key file variable makes no sense at all.
  • When using the Sidecar, technically you do not need NXLog as far as I know. Sidecar comes with BEATS, which is perfectly suited for getting the data into Graylog.
  • In your output config you are using BEATS as well, so yeah: no reason for NXLog.

As Jan pointed out, the formatting of your YML file has been completely lost, because you did not use the “code” button to retain formatting. When copy/pasting configuration files or logging, it is best to:

  1. Paste the text.
  2. Select the text.
  3. Click the button that looks like </>

Like so:

```yaml
server_url: http://graylogserverip:port/api/
update_interval: 30
tls_skip_verify: true
send_status: true
list_log_files:
  - /var/log
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - linux
  - apache
backends:
  - name: nxlog
    enabled: true
    binary_path: /usr/bin/nxlog
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
```

This will make the text a lot more readable and it retains YML formatting.

Looking at the screenshots, generally speaking, the details look mostly okay.

So now we’re down to basic troubleshooting 🙂

  1. On the Graylog server, is there actually an open port 5044?
  2. Can you connect to port 5044 on the Graylog server, from your Apache server? For example, test it with netcat.
  3. Can you connect to port 9000 (or whatever other port you defined for the API+GUI) on the Graylog server, from your Apache server? Again, use netcat.

If you cannot connect, but the port is open, check the firewall on the Graylog box. If you can connect, restart the Sidecar Collector.

  1. Now check the Graylog GUI, in System > Collectors. Is the Apache host listed as an active collector? If not, then there is a problem with even connecting the Sidecar to Graylog. If it does show up, then we’re one step further!

  2. If the Sidecar was starting and it connected to Graylog, can you now also see an active connection between your Apache box and 5044 on the Graylog box? Check on both sides using netstat.
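The connectivity checks from the troubleshooting steps above, scripted in Python as an added example (not part of the original thread), to be run from the Apache server in place of the manual netcat tests. The hostname is a placeholder, ports 5044 and 9000 are the ones named in the thread, and reading "refused" versus "timeout" as "not listening" versus "firewalled" is a heuristic assumed here, since a firewall that rejects rather than drops also produces "refused".

```python
import errno
import socket

# Assumed values: replace with your Graylog host and the ports you configured.
GRAYLOG_HOST = "graylog.example.org"  # placeholder hostname
CHECKS = {"Beats input": 5044, "REST API / web interface": 9000}


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing accepted the connection
    except socket.timeout:
        return "timeout"      # no answer at all, typical of a dropping firewall
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"        # e.g. the hostname did not resolve


def advice(state):
    """Map a probe result onto the next troubleshooting step from the thread."""
    return {
        "open": "reachable: restart the Sidecar and check System > Collectors",
        "refused": "check on the Graylog server that the port is really listening",
        "timeout": "port may be open but filtered: check the firewall on the Graylog box",
        "unreachable": "no route to the host: check addressing and routing",
    }.get(state, "unexpected socket error: repeat the test with netcat for details")


def run_checks(host=GRAYLOG_HOST, checks=CHECKS, timeout=3.0):
    """Probe every port and return {name: (port, state)}."""
    return {name: (port, probe(host, port, timeout)) for name, port in checks.items()}


if __name__ == "__main__":
    for name, (port, state) in run_checks().items():
        print(f"{name} ({GRAYLOG_HOST}:{port}): {state} -> {advice(state)}")
```
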
