Issue with Sidecar on linux (used to work) after restart stopped

t.arabiyat · February 23, 2020, 2:32pm

sidecar not communicating with graylog server and stuck as below

● graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-02-23 16:50:06 +03; 40min ago
Main PID: 26658 (graylog-sidecar)
CGroup: /system.slice/graylog-sidecar.service
└─26658 /usr/bin/graylog-sidecar

Feb 23 16:50:06 master-ngx systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 23 16:50:07 master-ngx graylog-sidecar[26658]: time=“2020-02-23T16:50:07+03:00” level=info msg=“Using node-id: ab34e13a-a8ce-423b-8c6c-0f633181f603”
Feb 23 16:50:07 master-ngx graylog-sidecar[26658]: time=“2020-02-23T16:50:07+03:00” level=info msg=“Starting signal distributor”

Note : Network is working fine ,I toke a dump and its not showing any messages from the sidecar.

jan · February 24, 2020, 7:34am

he @t.arabiyat

what does the sidecar LOGFILE show? what does your Graylog sidecar configuration look like?

t.arabiyat · February 24, 2020, 8:06am

The Graylog Config is below

And The side car log file is below :

time=“2020-02-23T16:19:18+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:24:19+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:24:19+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:24:32+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:24:41+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:24:53+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:24:53+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:33:43+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:33:43+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:33:47+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:33:47+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:38:56+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:39:08+03:00” level=info msg=“Starting signal distributor”
time=“2020-02-23T16:40:46+03:00” level=info msg=“Stopping signal distributor”
time=“2020-02-23T16:50:07+03:00” level=info msg=“Starting signal distributor”
[root@master-ngx graylog-sidecar]#

Appreciate the help.

jan · February 24, 2020, 8:45am

Did you have issues with the sidecar or with the collector?

For me the current situation is not clear. You have two components - one is the sidecar, that is the agent that connects from the server you want to have logfiles from to Graylog. This will then get the configuration from Graylog and start the collector. That is the process that collects the logs and send it to Graylog.

Where you are having issues with?

t.arabiyat · February 24, 2020, 9:08am

The issue is with sidecar client not sending info to graylog server and not importing the config from graylog server and thus not starting the collector (filebeat) its stuck a the message :
time=“2020-02-23T16:50:07+03:00” level=info msg=“Starting signal distributor”

I tried reinstalling the sidecar client with no luck.
Note it used to work fine but after the restart of graylog server due to update to 3.2.2 it stopped So I rolled back to 3.2.1 and still not working.

Appreciate your help.

jan · February 24, 2020, 9:14am

he @t.arabiyat
did you checked if the server_uri in the sidecar configration is unchanged? Did you checked if the server token is placed in the configuration file?

Did you checked of the server where the sidecar is running can reach Graylogs API?

t.arabiyat · February 24, 2020, 10:14am

Hello Jan,

Yes I did check all that and all of them checked out.

jan · February 24, 2020, 10:34am

when all is status green the sidecar should be seen in the overview in the Graylog UI. If that is not the case - something is not working as it should and is not green.

t.arabiyat · February 24, 2020, 10:59am

As you can see below they are showing status of “Unkown” even thought the clients are running and the graylog server is reachable.

And I have other windows servers working fine and these Linux servers used to work fine with same config.

Check this screenshot.

system · March 9, 2020, 10:59am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog backend not starting Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx , failoadcongfigfblx	2	1225	March 28, 2018
Sidecar no longer connecting to Graylog Server (Inactive, ping timeout) Graylog Central (peer support) sidecar	17	1793	April 6, 2022
NXLOG troubles with sidecar Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows , nosendlogfblx , clfblx , jsonfblx	1	706	November 17, 2020
Installing sidecar Graylog Central (peer support) sidecar , nxlog , filebeat-linux , nodatanx , nosendlogfblx	23	7710	February 28, 2019
Graylog Collector Sidecar Linux Filebeat Failing Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows	2	2033	June 15, 2017

Issue with Sidecar on linux (used to work) after restart stopped

Related Topics