Ubuntu Sidecar installer problems

dgingerich · October 24, 2017, 5:33pm

I have a fresh built VM running Ubuntu 16.04.2, and then installed the Sidecar collector v0.1.4-1. the sidecar collector service refuses to run, stating “[filebeat] Backend finished unexpectedly, trying to restart” three times, and then quitting.

Is there something I can do to fix this?

jochen · October 24, 2017, 9:00pm

Please post the complete contents of the logs of the Collector Sidecar.
Additionally you should post the configuration of the Collector Sidecar and the generated configuration for Filebeat.

dgingerich · October 24, 2017, 9:55pm

Sidecar config:

server_url: http://10.10.21.37:9000/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
    - linux
backends:
    - name: nxlog
      enabled: false
      binary_path: /usr/bin/nxlog
      configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
    - name: filebeat
      enabled: true
      binary_path: /usr/bin/filebeat
      configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml

Sidecar logs:

time="2017-10-24T10:08:11-06:00" level=info msg="Starting signal distributor"
time="2017-10-24T10:08:11-06:00" level=info msg="[filebeat] Starting (exec driver)"
time="2017-10-24T10:08:12-06:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 1/3."
time="2017-10-24T10:08:12-06:00" level=info msg="[filebeat] Stopping"
time="2017-10-24T10:08:14-06:00" level=info msg="[filebeat] Starting (exec driver)"
time="2017-10-24T10:08:15-06:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 2/3."
time="2017-10-24T10:08:15-06:00" level=info msg="[filebeat] Stopping"
time="2017-10-24T10:08:17-06:00" level=info msg="[filebeat] Starting (exec driver)"
time="2017-10-24T10:08:18-06:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 3/3."
time="2017-10-24T10:08:18-06:00" level=info msg="[filebeat] Stopping"
time="2017-10-24T10:08:20-06:00" level=info msg="[filebeat] Starting (exec driver)"
time="2017-10-24T10:08:21-06:00" level=info msg="[RequestConfiguration] No configuration found for configured tags!"
time="2017-10-24T10:08:21-06:00" level=error msg="[filebeat] Unable to start collector after 3 tries, giving up!"

I’m not sure where to find the config for Filebeat. Still looking.

dgingerich · October 24, 2017, 10:14pm

There does not appear to be a filebeat configuration file. There is no filebeat folder in /etc.

dgingerich · October 24, 2017, 10:26pm

I’ve done a search of the whole hard drive. There is no filebeat.yml file at all. This is probably why it isn’t working. Is there something extra I can to do to fix this?

jochen · October 25, 2017, 6:49am

The Filebeat configuration file should be located at /etc/graylog/collector-sidecar/generated/filebeat.yml (as you can read in your Collector Sidecar configuration).
If that file doesn’t exist, make sure that the Collector Sidecar is allowed to write into the given directory (/etc/graylog/collector-sidecar/generated).

dgingerich · October 25, 2017, 1:54pm

Yeah, that folder is there and is writable, and the file isn’t there. Even trying on a full new VM, installing Ubuntu 16.04.2 and then the sidecar app, I get the same results: folder exists, filebeat.yml not there.

jochen · October 25, 2017, 2:37pm

What’s the output of the following command?

namei -l /etc/graylog/collector-sidecar/generated

Have you created a configuration with the tag “linux” in the Graylog web interface?
http://docs.graylog.org/en/2.3/pages/collector_sidecar.html#step-by-step-guide

dgingerich · October 25, 2017, 2:48pm

Here’s the response I get from that command:
f: /etc/graylog/collector-sidecar/generated
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxrwxr-x root root graylog
drwxrwxr-x root root collector-sidecar
drwxrwxr-x root root generated
No, I had not. I hadn’t been able to get the sidecar collector daemon to run, so I hadn’t moved on. Are you saying that it gets some of this local config from the server? That seems a bit counter-intuitive to me. I’ve created it now. We’ll see how it works.

jochen · October 25, 2017, 3:18pm

That’s the whole point of the Collector Sidecar: Enabling users to configure the log shippers on remote systems in the Graylog web interface.

system · November 8, 2017, 3:18pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog backend not starting Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx , failoadcongfigfblx	2	1288	March 28, 2018
Graylog Collector Sidecar Linux Filebeat Failing Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows	2	2097	June 15, 2017
Sidecar 1.5 can't start the filebeat that it is shipped with Graylog Central (peer support) filebeat-linux	2	487	December 1, 2023
Failed loading configuration Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx , failoadcongfigfblx	15	5324	August 2, 2018
Collector side car using filebeat Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx , failoadcongfigfblx	23	5229	April 12, 2018

Ubuntu Sidecar installer problems

Related Topics