Solved: Windows Sidecar Throws Error pointing to non-existent line

Hello,

I’ve installed graylog_sidecar_installer_1.0.2-1.exe on my Windows 10 machine. When I attempt to start the service, I’ve been getting failed to start. When I run the below configtest, it says that line 111 didn’t find the expected key. That’s odd because my sidecar.yaml only goes to 86 lines.

C:\Program Files\Graylog\sidecar>graylog-sidecar.exe -configtest
[ConfigFile] YAML config parsing failed on C:\Program Files\graylog\sidecar\sidecar.yml: yaml: line 111: did not find expected key. Exiting.

So I’m very stumped here. I’ve confirmed I’ve been editing the same sidecar.yml that’s in the C:\Program Files\graylog\sidecar\ directory.

Any thoughts on how to debug?

1 Like

Can you provide a redacted version of the config?

# The URL to the Graylog server API.
# Default: "http://127.0.0.1:9000/api/"
server_url: "http://192.168.X.XX:9000/api"

# The API token to use to authenticate against the Graylog server API.
# Default: none
server_api_token: "super_secret_api_token"

# The node ID of the sidecar. This can be a path to a file or an ID string.
# If set to a file and the file doesn't exist, the sidecar will generate an
# unique ID and writes it to the configured path.
#
# Example file path: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
# Example ID string: "6033137e-d56b-47fc-9762-cd699c11a5a9"
#
# ATTENTION: Every sidecar instance needs a unique ID!
#
# Default: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"

# The node name of the sidecar. If this is empty, the sidecar will use the
# hostname of the host it is running on.
# Default: ""
node_name: ""

# The update interval in secods. This configures how often the sidecar will
# contact the Graylog server for keep-alive and configuration update requests.
# Default: 10
update_interval: 10

# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: false

# This enables/disables the transmission of detailed sidecar information like
# collector statues, metrics and log file lists. It can be disabled to reduce
# load on the Graylog server if needed. (disables some features in the server UI)
# Default: true
send_status: true

# A list of directories to scan for log files. The sidecar will scan each
# directory for log files and submits them to the server on each update.
#
# Example:
#     list_log_files:
#       - "/var/log/nginx"
#       - "/opt/app/logs"
#
# Default: empty list
#list_log_files: []

# Directory where the sidecar stores internal data.
cache_path: "C:\\Program Files\\Graylog\\sidecar\\cache"

# Directory where the sidecar stores logs for collectors and the sidecar itself.
log_path: "C:\\Program Files\\Graylog\\sidecar\\logs"

# The maximum size of the log file before it gets rotated.
#log_rotate_max_file_size: "10MiB"

# The maximum number of old log files to retain.
#log_rotate_keep_files: 10

# Directory where the sidecar generates configurations for collectors.
collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"

# A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the whitelist feature.
# Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
# Example:
     collector_binaries_whitelist:
       - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
#       - "C:\\Program Files\\Filebeat\\filebeat.exe"
#
# Example disable whitelisting:
#     collector_binaries_whitelist: []
#
# Default:
# collector_binaries_whitelist:
#  - "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
#  - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
#  - "C:\\Program Files\\Filebeat\\filebeat.exe"
#  - "C:\\Program Files\\Packetbeat\\packetbeat.exe"
#  - "C:\\Program Files\\Metricbeat\\metricbeat.exe"
#  - "C:\\Program Files\\Heartbeat\\heartbeat.exe"
#  - "C:\\Program Files\\Auditbeat\\auditbeat.exe"
#  - "C:\\Program Files (x86)\\nxlog\\nxlog.exe"

@cinemafunk I passed your file through a yamllint and find these errors:

 yamllint sidecar.yml 
sidecar.yml
  3:1       warning  missing document start "---"  (document-start)
  31:81     error    line too long (81 > 80 characters)  (line-length)
  37:81     error    line too long (81 > 80 characters)  (line-length)
  50:2      warning  missing starting space in comment  (comments)
  59:2      warning  missing starting space in comment  (comments)
  62:2      warning  missing starting space in comment  (comments)
  65:81     error    line too long (83 > 80 characters)  (line-length)
  67:1      warning  comment not indented like content  (comments-indentation)
  67:81     error    line too long (115 > 80 characters)  (line-length)
  68:81     error    line too long (103 > 80 characters)  (line-length)
  70:6      error    syntax error: expected <block end>, but found '<block mapping start>' (syntax)

Edit your file fixing these errors and give it another try.

1 Like

Yaml is strict on indentation - you have a line at the end that is indented but should not be:

 collector_binaries_whitelist:
   - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"

Here is a working sidecar.yml from one of our windows systems:

server_url: http://Glog-thing:9000/api/
server_api_token: "super_secret_thing" 
update_interval: 10
tls_skip_verify: true
send_status: true
list_log_files:
collector_id: file:C:\Program Files\Graylog\sidecar\collector-id
cache_path: C:\Program Files\Graylog\sidecar\cache
log_path: C:\Program Files\Graylog\sidecar\logs
log_rotation_time: 86400
log_max_age: 604800
tags: [windows]
collector_binaries_whitelist: []
backends:
    - name: nxlog
      enabled: false
      binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
      configuration_path: C:\Program Files\Graylog\sidecar\generated\nxlog.conf
    - name: winlogbeat
      enabled: true
      binary_path: C:\Program Files\Graylog\sidecar\winlogbeat.exe
      configuration_path: C:\Program Files\Graylog\sidecar\generated\winlogbeat.yml
    - name: filebeat
      enabled: true
      binary_path: C:\Program Files\Graylog\sidecar\filebeat.exe
      configuration_path: C:\Program Files\Graylog\sidecar\generated\filebeat.yml
    - name: auditbeat
      enabled: false
      binary_path: C:\Program Files\Graylog\sidecar\auditbeat.exe
      configuration_path: C:\Program Files\Graylog\sidecar\generated\auditbeat.yml
1 Like

I was going to say, yamllint is your friend, and it’s absolutely particular, as @tmacgbay mentioned. Both of the replies should get you in a good spot.

Oy vey. That was it. I used to original YAML file provided in the software. But yes, that worked.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.