Run Collector Sidecar as another user

Hello,
I want to run the service Collector Sidecar as another user on Windows because it runs as Local System by default which can be dangerous.
I give the following rights to the user:

  • full control on C:\Program Files\Graylog
  • full control on C:\Program Files\nxlog
  • full control on the security descriptor of the nxlog service
  • GPO: Act as part of the operating system
  • GPO: Bypass traverse checking
  • GPO: Log on as a batch job
  • GPO: Log on as a service
  • GPO: Replace a process-level token

However it does not work.
When I click on Start service from services.msc, Windows says error 1053 the service timeout.
It only works with the nxlog service.
If I put my user in the administrators group then everything works fine.

Do you have any ideas?
Can I have some information about what exactly the installer does? Where can I find the source of the installer?
Are files only created in the installation path?
Does it require another directory to work? For example, a temporary directory?

The source can be found over at https://github.com/Graylog2/collector-sidecar

You could create a feature request out of your question if you think that this is missing or give a bug report if you see that something is not running.

Hey Frantz, try running the SysInternals tools on Windows to determine where the issue lies, specifically Process Explorer and Process Monitor. There are some good guides out there on how to do this, but essentially you trace the process(es) for the Collector, correct the permissions failure and re-run until you finally get it all working.

Hope that helps.
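
One way to work through a Process Monitor trace as suggested above, shown as an added example that is not part of the original thread: it reads a CSV export (Process Monitor's default columns) and lists each path the service processes were denied, with the operation and requested access. The process name `collector-sidecar.exe`, the sample rows and all paths in them are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Process Monitor's default CSV export columns.
# Process names and paths are illustrative assumptions, not real findings.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","collector-sidecar.exe","4120","CreateFile","C:\Program Files\Graylog\example-config.yml","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"10:01:02.2","collector-sidecar.exe","4120","CreateFile","C:\Windows\Temp\example.tmp","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf"
"10:01:02.3","collector-sidecar.exe","4120","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security","ACCESS DENIED","Desired Access: Read"
"10:01:02.4","explorer.exe","2210","CreateFile","C:\Windows\Temp\other.tmp","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.5","collector-sidecar.exe","4120","CreateFile","C:\Windows\Temp\example.tmp","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf"
"10:01:02.6","nxlog.exe","4388","CreateFile","C:\Program Files\nxlog\example.dll","NAME NOT FOUND","Desired Access: Read Attributes"
'''


def desired_access(detail):
    """Extract the access list from a Detail field such as
    'Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf'."""
    if "Desired Access:" not in detail:
        return ""
    rights = []
    for token in detail.split("Desired Access:", 1)[1].split(","):
        token = token.strip()
        if ":" in token:  # next "Key: value" pair starts here
            break
        rights.append(token)
    return ", ".join(rights)


def access_denied_summary(csv_text, process_names):
    """Map each denied path to the (operation, requested access) pairs seen."""
    wanted = {name.lower() for name in process_names}
    denied = defaultdict(set)
    # Saved exports start with a UTF-8 BOM; drop it if present.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Process Name"].lower() not in wanted:
            continue
        if row["Result"].strip().upper() != "ACCESS DENIED":
            continue
        denied[row["Path"]].add((row["Operation"], desired_access(row["Detail"])))
    return {path: sorted(ops) for path, ops in sorted(denied.items())}


if __name__ == "__main__":
    services = ["collector-sidecar.exe", "nxlog.exe"]  # assumed process names
    for path, ops in access_denied_summary(SAMPLE_CSV, services).items():
        for operation, access in ops:
            print(f"{path}\n    {operation}: {access}")
```

For a real trace, read the exported file with `encoding="utf-8-sig"` and pass its text to `access_denied_summary`. Each path it reports is a candidate for a targeted permission grant to the service account, re-running the trace after each change.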
