I did that and set everything up to monitor a single log, but can’t get it to work. I created an API, installed Sidecar on the Windows Server, created a configuration, then assigned it to the Sidecar as documented. When starting the service, it says Running, but quickly changes to Failed. I can verify that the config I made was pushed to the sidecar. Below are logs and the config file. I’ll make another post if suggested:
- IP of Graylog VM: 192.168.0.199/24
- IP of server with sidecar: 192.168.0.35/24
- level=error msg="[filebeat] Collector configuration file is not valid, waiting for the next update."
- level=error msg="[filebeat] Validation command output: Exiting: no modules or inputs enabled and configuration reloading disabled. What files do you want me to watch?\n"
- ERROR fileset/modules.go:118 Not loading modules. Module directory not found: C:\Program Files\Graylog\sidecar\module
- ERROR instance/beat.go:743 Exiting: no modules or inputs enabled and configuration reloading disabled. What files do you want me to watch?
sidecar.yml (Uncommented only)
node_id: “file:C:\Program Files\Graylog\sidecar\node-id”
data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
logs: C:\Program Files\Graylog\sidecar\logs
- All paths within config files are valid
- Initially had issue getting sidecar service to appear in Windows post install
- Know comm between client and Graylog VM plus file permissions are ok since it pushed config to it successfully
- Tried restarting sidecar service multiple times plus reinstalling running as admin
- Tried changing Log On account for service to admin user then restarting with same results
- Show Messages on sidecar displays nothing in web interface
- Just saw that filebeat service isn’t starting
Any suggestions? Thanks