I am trying to migrate over to using the new Sidecars with 3.0. I just did the basic winlogbeat configuration that should show system, security, and application events. The collector started fine. The services are started on the server. I see the generated collector file on the server as well.
Needed for Graylog
data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
logs: C:\Program Files\Graylog\sidecar\logs
- name: Application
- name: System
- name: Security
NO errors in the logs…
time=“2019-07-15T08:32:57-04:00” level=info msg="[winlogbeat-test] Got remote restart command"
time=“2019-07-15T08:32:57-04:00” level=info msg="[winlogbeat-test] Stopping"
time=“2019-07-15T08:32:58-04:00” level=info msg="[winlogbeat-test] Starting (svc driver)"
I see events happening in the event viewer but no logs are showing up on the Graylog server. I am using SSL, not sure if that would affect anything but every thing seems to have started fine.