So I’ve been trying to automate the deployment of graylog with winlogbeat so I can push it out to a large network of machines, without having to interact with the Web UI or perform any manual tasks.
I created a script to install sidecar, replace the configuration files with desired configurations, install- and start the sidecar service, but then I ran into a problem where winlogbeat didn’t execute by itself. I realized I had to activate it from the Web UI, so that the winlogbeat executable started as a service.
However, I changed the script to automatically install and start the winlogbeat service - but it seems that sidecar stops it by default. If I name the winlogbeat service after the sidecar convention by calling it “graylog-collector-winlogbeat”, Graylog sidecar will somehow realize that the service is not enabled through the Web UI and terminate the service. However, if I name the sidecar service “graylog-winlogbeat” without the “collector” part, the service will execute fine and not get terminated.
Is there any supported/default way to perform a full deployment without any manual interaction? Or will I have to run the service with an irregular service name?