vidyajsv
(Vidya Kirthi)
July 25, 2018, 11:19am
1
Hi,
I am not able to view the logs after configuring the collectors in Graylog.
I have configured a sample Beats input and output.
The collector and Beats status show up as running in the Graylog web interface.
However, I am not able to see the log output.
Below is the error I see in the collector_sidecar logs:
time="2018-07-25T06:07:29-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get http://10.175.184.251:9000/api/plugins/org.graylog.plugins.collector/785cb392-8649-4e08-9f8b-f93411552509?tags=["linux"%2C"apache"]: dial tcp 10.175.184.251:9000: getsockopt: connection refused"
time="2018-07-25T06:07:29-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put http://10.175.184.251:9000/api/plugins/org.graylog.plugins.collector/collectors/785cb392-8649-4e08-9f8b-f93411552509: dial tcp
The package versions are below:
filebeat -version
filebeat version 6.1.2 (amd64), libbeat 6.1.2
/usr/bin/graylog-collector-sidecar -version
Graylog Collector Sidecar version 0.1.6 (77045b2) [go1.9.3/amd64]
Graylog 2.4.6
Elasticsearch: 5.6.10
jan
(Jan Doberstein)
July 25, 2018, 11:51am
3
What configuration did you create for the tags linux or apache in Graylog?
Is the error continuously coming up? What exactly is your problem?
vidyajsv
(Vidya Kirthi)
July 26, 2018, 8:10am
4
Yes, the error continuously comes up.
I have the below configuration:
collector_sidecar.yml:
server_url: http://10.175.184.251:9000/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - linux
  - apache
backends:
  - name: nxlog
    enabled: false
    binary_path: /usr/bin/nxlog
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
  - name: filebeat
    enabled: true
    binary_path: /usr/bin/filebeat
    configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml
generated filebeat.xml:
filebeat:
  prospectors:
  - encoding: plain
    exclude_files: []
    fields:
      collector_node_id: prd-log01.lb.nl
      gl2_source_collector: 785cb392-8649-4e08-9f8b-f93411552509
      type: log
    ignore_older: 0
    paths:
    - /var/log/*.log
    scan_frequency: 10s
    tail_files: true
    type: log
output:
  logstash:
    hosts:
    - localhost:5044
path:
  data: /var/cache/graylog/collector-sidecar/filebeat/data
  logs: /var/log/graylog/collector-sidecar
tags:
- linux
- apache
I have configured the apache tag in the Graylog web interface and created a Beats input and output.
Ideally I'm supposed to view the logs in /var/log/*.log, which I'm not able to see in the web interface.
Can you help me out on this?
jan
(Jan Doberstein)
July 26, 2018, 9:27am
5
When http://10.175.184.251:9000/api/ is your Graylog REST API, it is very unlikely that you can reach the BEAT input on that host via localhost:5044.
But that is how this is configured.
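The mismatch described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Graylog's tooling: it compares the host in `server_url` with the Logstash output hosts of the generated Filebeat config and flags loopback outputs. The function names are hypothetical, the sample strings are constructed from the configs posted here, and the parser assumes the block-list `hosts:` form that the sidecar generates.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the two files posted in this thread.
SIDECAR_YML = "server_url: http://10.175.184.251:9000/api/\nupdate_interval: 10\n"
FILEBEAT_YML = "output:\n  logstash:\n    hosts:\n    - localhost:5044\n"

def is_loopback(host):
    """True for 'localhost' and loopback IP literals (127.0.0.0/8, ::1)."""
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname; it is not resolved here

def server_host(sidecar_yml):
    """Host part of server_url in collector_sidecar.yml, or None if absent."""
    m = re.search(r"^server_url:\s*(\S+)", sidecar_yml, re.MULTILINE)
    return urlsplit(m.group(1)).hostname if m else None

def logstash_hosts(filebeat_yml):
    """(host, port) pairs listed under a 'hosts:' key (block-list form only)."""
    hosts, in_list = [], False
    for line in filebeat_yml.splitlines():
        item = re.match(r"\s*-\s*['\"]?([^'\"\s]+)", line)
        if line.strip() == "hosts:":
            in_list = True
        elif in_list and item:
            addr = item.group(1)
            host, sep, port = addr.rpartition(":")
            if sep and port.isdigit():
                hosts.append((host.strip("[]"), int(port)))
            else:  # no explicit port: Filebeat's Logstash output uses 5044
                hosts.append((addr.strip("[]"), 5044))
        else:
            in_list = False
    return hosts

def misrouted_outputs(sidecar_yml, filebeat_yml):
    """Loopback Beats outputs on a sidecar whose Graylog server is remote."""
    srv = server_host(sidecar_yml)
    if srv is None or is_loopback(srv):
        return []  # Graylog runs on this machine, so loopback may be correct
    return [f"{h}:{p}" for h, p in logstash_hosts(filebeat_yml) if is_loopback(h)]

if __name__ == "__main__":
    print(misrouted_outputs(SIDECAR_YML, FILEBEAT_YML))
```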
vidyajsv
(Vidya Kirthi)
July 26, 2018, 11:36am
6
I changed the Beats localhost to the IP address in the configuration and it worked. Thank you.
Could you please let me know how it is possible to configure Beats input/output for multiple logs?
For now I have configured it for only 1 access log.