I’m trying to make a collector for Sysmon via the Graylog 3 sidecar functionality. I’ve created the log collection, the configuration, and applied it to a sidecar. Despite the fact I’ve updated the sidercar.yml file on the host to include the path for sysmon in the whitelist, I am still getting Couldn't execute collector C:\Windows\System32\Sysmon64.exe [C:\Windows\System32\sysmon64.exe], binary path is not included incollector_binaries_whitelist’ config option`. I also tried just disabling the binary whitelist but that did not work either. Below are screenshots of the collector and sidecar configs. Anyone see what I’m doing wrong?
Was the error message the same after you disabled the whitelist? And how did you disable it, just by commenting it out in the config or by passing an empty list?
Yes, same error message. And disabled it by passing an empty list.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.