Hi,
I recently added a self signed certificate for https to my Graylog server using the Graylog docs ( Using HTTPS — Graylog 4.0.0 documentation ). After that my Sidecars stopped showing up on the web interface. So I edited the config to:
output.logstash:
hosts: ["https://192.168.***.***:5044"]
Now the status of my sidecars says “running”. But they wont send any logs.
-----CONFIGS----
I didn’t change much but here they are.
-Winlogbeat Collector Configuration
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
hosts: ["https://192.168.***.***:5044"]
path:
data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
logs: C:\Program Files\Graylog\sidecar\logs
tags:
- windows
winlogbeat:
event_logs:
- name: Application
- name: System
- name: Security
-INPUT for winlogbeat
bind_address: 0.0.0.0
no_beats_prefix: false
number_worker_threads:4
override_source:<empty>
port: 5044
recv_buffer_size:1048576
tcp_keepalive: false
tls_cert_file: /etc/graylog/cert.pem
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: true
tls_key_file: /etc/graylog/pkcs8-encrypted.pem
tls_key_password: ********
I also get that error message in my graylog server log:
Thank you in advance!