Hello, hoping someone can help here. I’ve installed sidecar on 3 machines and updated sidecar.yml with the recommended values in the configuration including the server_url and token which was generated on graylog. When I run sidecar and check the logs I am only getting this error:
time="2019-10-04T17:21:02Z" level=error msg="[UpdateRegistration] Bad response from Graylog server: 404 Not Found"
My sidecar.yml file:
server_url: https://< fqdn of graylog server >:9000/api/
server_api_token: kfokjtpk8r4dnhtab15j9e909hqq5vm86h844ps40so76vldafe
node_id: /etc/graylog/sidecar/node-id
node_name: < fqdn of host >
update_interval: 10
tls_skip_verify: true
send_status: true
list_log_files:
cache_path: /var/cache/graylog-sidecar
collector_configuration_directory: /var/lib/graylog-sidecar/generated
log_path: /var/log/graylog-sidecar
log_rotate_max_file_size: 10MiB
log_rotate_keep_files: 50
If I curl the server_url I get a blank response. Is that normal? Is there another URL I should use here? I can reach my graylog server on port 9000 with telnet and curl and it seems to be getting a response from graylog AFAICT from the logs. What is missing here?
I tried explicitly setting the http_external_uri, http_publish_uri and server_url to the same value (https://< fqdn of graylog server >:9000/) but it still gives me a 404 error on the sidecar logs.
The http_external_uri of the server is normally unset in all my graylog deployments, I’m using the default which relies upon http_bind_address being set which is the fqdn of the server. I’m not trying to reach this machine from another network and there is only one NIC, it’s also not load balanced which seems to be the conditions for setting http_publish_uri as well as http_external_uri.
When I restart the server and tail the logs I am getting the following error:
time="2019-10-07T12:04:14Z" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://< fqdn of server >:9000/sidecars/etc/graylog/sidecar/node-id: dial tcp < ip of server >:9000: connect: connection refused"
And then it goes back to: time="2019-10-07T12:04:25Z" level=error msg="[UpdateRegistration] Bad response from Graylog server: 404 Not Found"
I guess nobody noticed this. Don’t feel bad, neither did I.
I figured it out after restarting the server and tailing the logs that it was looking for https://< fqdn >:9000/api/sidecars/etc/graylog/sidecar/node-id
The documentation says node_id must be preceded with “file:” if you are going to specify a file. Not sure how that got removed in the install but there you have it. Once that was corrected my sidecars were able to report to my server.
FWIW you do NOT need to specify http_external_uri as long as your http_bind_address is specified and reachable. By default http_publish_uri will be populated with that value.
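A pre-flight check for the mistake found in this thread, as an added example that is not part of the original posts or of Graylog's code: it reads the scalar keys of a sidecar.yml, works out the node ID the sidecar would send, and flags a path-like node_id that lacks the "file:" prefix. The hostname, the function names and the URL construction (modelled on the URL quoted from the logs above) are assumptions.

```python
import re

# Constructed sample mirroring the sidecar.yml in the post (hostname is a placeholder).
SAMPLE = """\
server_url: https://graylog.example.test:9000/api/
node_id: /etc/graylog/sidecar/node-id
"""

def parse_flat_yaml(text):
    """Parse top-level 'key: value' scalars only; enough for these sidecar.yml keys."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z_]+):\s*(.*?)\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2).strip("\"'")
    return cfg

def _read(path):
    with open(path) as fh:
        return fh.read()

def check_node_id(cfg, read_file=_read):
    """Return (effective_node_id, registration_url, findings) for a parsed config."""
    findings = []
    raw = cfg.get("node_id", "")
    if raw.startswith("file:"):
        # With the prefix, the ID is the content of the named file.
        node_id = read_file(raw[len("file:"):]).strip()
    else:
        # Without it, the value itself is used as the ID string.
        node_id = raw
        if "/" in raw:
            findings.append("node_id looks like a file path but has no 'file:' "
                            "prefix; the path itself is sent as the node ID")
    # Assumption: mirrors the request URL seen in the thread's log output.
    base = cfg.get("server_url", "").rstrip("/")
    url = base + "/sidecars/" + node_id.lstrip("/")
    return node_id, url, findings

if __name__ == "__main__":
    node_id, url, findings = check_node_id(parse_flat_yaml(SAMPLE))
    print("registration URL:", url)
    for finding in findings:
        print("WARNING:", finding)
```
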