I am trying to migrate over to using the new Sidecars with 3.0. I just did the basic winlogbeat configuration that should show system, security, and application events. The collector started fine. The services are started on the server. I see the generated collector file on the server as well.
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: SERVERNAME-graylog-sidecar
fields.gl2_source_collector: 4xxxxxxxxxxxxxxxxxxxxxxxxx6
output.logstash:
  hosts: ["0.0.0.0:5044"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
winlogbeat:
  event_logs:
    - name: Application
    - name: System
    - name: Security
=============
NO errors in the logs…
time="2019-07-15T08:32:57-04:00" level=info msg="[winlogbeat-test] Got remote restart command"
time="2019-07-15T08:32:57-04:00" level=info msg="[winlogbeat-test] Stopping"
time="2019-07-15T08:32:58-04:00" level=info msg="[winlogbeat-test] Starting (svc driver)"
=============
I see events happening in the event viewer but no logs are showing up on the Graylog server. I am using SSL, not sure if that would affect anything, but everything seems to have started fine.