Yours seems to be slightly different. Mine is Access Denied and yours is Low Memory.
Yes, Windows Defender Firewall is fine, rules in place for both Beats and Graylog API.
Can anyone else spin up a VM of a fresh install of Graylog with a Windows 10 client and see if they get the same issue in the debug logs? These are both clean installs using the default config files.
You don’t want me to?!??! 
If I can later today I will, though I still think it is something unique in your environment.
The fresh Graylog and Windows client were spun up outside of our test and production environment therefore removing that as a variable. I used a box fresh VMware server.
I just built out a fresh Win10 machine in workgroup (no domain) with nothing but Graylog Sidecar installed, patched it all the way to current. Current default winlogbeat configuration applied and all standard win log files are flowing to Graylog. Is there anything you want me to test?
Yes, what do you see in sidecar.exe -debug?
It comes up OK and is reporting standard windows events to Graylog.
c:\Program Files\Graylog\sidecar>graylog-sidecar.exe -debug
time="2022-10-10T09:27:50-04:00" level=info msg="Using node-id: <Node-ID>"
time="2022-10-10T09:27:50-04:00" level=info msg="No node name was configured, falling back to hostname"
time="2022-10-10T09:27:50-04:00" level=debug msg="Creating rotated log writer (10/10) for: C:\\Program Files\\Graylog\\sidecar\\logs\\sidecar.log"
time="2022-10-10T09:27:50-04:00" level=info msg="Starting signal distributor"
time="2022-10-10T09:28:00-04:00" level=debug msg="Found graylog service graylog-collector-winlogbeat"
time="2022-10-10T09:28:00-04:00" level=info msg="Adding process runner for: winlogbeat"
time="2022-10-10T09:28:00-04:00" level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time="2022-10-10T09:28:00-04:00" level=debug msg="[signal-processor] (seq=1) handling cmd: restart"
time="2022-10-10T09:28:00-04:00" level=debug msg="Service winlogbeat already exists, updating properties"
time="2022-10-10T09:28:00-04:00" level=info msg="[winlogbeat] Starting (svc driver)"
time="2022-10-10T09:28:00-04:00" level=debug msg="[signal-processor] (seq=1) cmd done: restart"
time="2022-10-10T09:28:10-04:00" level=debug msg="[RequestBackendList] No update available."
time="2022-10-10T09:28:10-04:00" level=debug msg="Found graylog service graylog-collector-winlogbeat"
time="2022-10-10T09:28:10-04:00" level=debug msg="[RequestConfiguration] No update available, skipping update."
time="2022-10-10T09:28:20-04:00" level=debug msg="[RequestBackendList] No update available."
...
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
