Hi everyone, I have some issues with graylog sidecar. I connected domain controller to my graylog it is working and DC is sending messages via winlogbeat to graylog. However when I am checking graylog sidecar status on terminal it shows Failed.
You will likely find better clues in the sidecar log file - default location:
/var/log/graylog-sidecar/sidecar.log
Feel free to post odd things you find if they don’t make sense and you are unable to resolve. 
Not sure I understand the approach here. What does the Graylog Sidecar service in the Graylog server has to do with the Domain Controller ?
If you have Sidecar installed on the domain controller, then you should check the Sidecar client logs on the Domain Controller (not the Graylog server).
Hi, thx for response.
There is not any file like that under this directory
per @H2Cyber’s point, you described connecting your Domain Controller to Graylog but you are showing sidecar information from the Graylog server…The sidecar installation only needs to be installed on the Domain Controller, it is not required on the Graylog server unless you are monitoring log files on the Graylog server.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
