Hello,
I have Graylog installed and am getting rsyslog messages OK, but I wanted to add httpd logs, so I installed the sidecar on the remote system along with Filebeat.
Graylog tells me the sidecar is running, but when I click “show messages” there is nothing.
I’m a bit stumped now. Connectivity seems OK (I think), Graylog seems to be running as it should, and I have disabled TLS all round; I’m not sure what to check next.
My sidecar config (aiming to get all logs under /var/log/httpd; 192.168.0.10 is my Graylog server):
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.inputs:
- input_type: log
  paths:
    - /var/log/httpd
  type: log
output.logstash:
  hosts: ["192.168.0.10:5044"]
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log
If I go to ‘Sidecars’ and click the ‘name’, I see a list of logs I would like sent, but I just can’t work out why they are not being sent. Any help getting them would be greatly appreciated.