np97190
(Np97190)
December 12, 2018, 7:45pm
1
Hi,
I am new to Graylog and I have tried setting up Sidecar with winlogbeat, which seems to be configured properly, but I am not receiving events in Graylog. Here are the details -
Global Input-
Winlogbeat.yml
fields:
  collector_node_id: graylog-collector-sidecar
  gl2_source_collector: 429cfebb-462b-45b9-9082-ee958656cb5e
output:
  logstash:
    hosts:
    - XX.XX.XX.X:5044
path:
  data: C:\Program Files\graylog\collector-sidecar\cache\winlogbeat\data
  logs: C:\Program Files\graylog\collector-sidecar\logs
tags:
- windows
winlogbeat:
  event_logs:
  - name: Application
  - name: System
  - name: Security
I could see the "EventLog[System] successfully published 1 events" log entry in the winlogbeat log file, but in the Graylog web UI there is no data under the Search tab.
First order of business is: did you handwrite the winlogbeat.yml file? Or was it generated by Graylog? Because it’s the latter that needs to be done. When using the Sidecar, you don’t manually manage BEATS.
Funnily enough we just had a discussion about setting up the Sidecar over here:
I see that this topic has been covered a couple of times. And in each time I go through thread I replicate the solutions/checks and still have this issue.
a) Is it normal for file = /etc/graylog/collector-sidecar/generated/filebeat.yml to be missing after installing collector-sidecar 0.1.6? Is it OK if I take filebeat config from forum and customize it. Then replace the missing filebeat.yml?
b) My config for tags is as below. The tags show in Graylog 2.4 appliance I am using for demo. Does thi…
np97190
(Np97190)
December 13, 2018, 8:51am
3
Thanks for the response.
winlogbeat.yml was created automatically when the configuration was created in Graylog.
I found out that the problem is with the Graylog server. I pointed the Windows collector to another Graylog server and it is sending logs to the server.
Thanks
2 Likes