Windows Graylog Collector Issues - The system cannot find the file specified

Problem description
Unable to start Sidecar Installation. Files are not being created in the “Generated” folder (see issue https://github.com/Graylog2/collector-sidecar/issues/216). Not sure why that issue was closed.

Steps to reproduce the problem

  1. Run PowerShell or CMD Command:
    collector_sidecar_installer_0.1.6-1.exe /S -SERVERURL=http://server-fqdn:9000/api -TAGS="windows"

  2. C:\Program Files\graylog\collector-sidecar\graylog-collector-sidecar.exe -service install

  3. C:\Program Files\graylog\collector-sidecar\graylog-collector-sidecar.exe -service start

  4. View error logs:

collector_sidecar.log:

time="2018-06-04T11:01:35-04:00" level=info msg="Starting signal distributor" 
time="2018-06-04T11:01:35-04:00" level=info msg="[winlogbeat] Starting (exec driver)" 
time="2018-06-04T11:01:35-04:00" level=info msg="[filebeat] Starting (exec driver)" 
time="2018-06-04T11:01:36-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 1/3." 
time="2018-06-04T11:01:36-04:00" level=info msg="[winlogbeat] Stopping" 
time="2018-06-04T11:01:36-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 1/3." 
time="2018-06-04T11:01:36-04:00" level=info msg="[filebeat] Stopping" 
time="2018-06-04T11:01:38-04:00" level=info msg="[winlogbeat] Starting (exec driver)" 
time="2018-06-04T11:01:38-04:00" level=info msg="[filebeat] Starting (exec driver)" 
time="2018-06-04T11:01:39-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 2/3." 
time="2018-06-04T11:01:39-04:00" level=info msg="[winlogbeat] Stopping" 
time="2018-06-04T11:01:39-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 2/3." 
time="2018-06-04T11:01:39-04:00" level=info msg="[filebeat] Stopping" 
time="2018-06-04T11:01:41-04:00" level=info msg="[winlogbeat] Starting (exec driver)" 
time="2018-06-04T11:01:41-04:00" level=info msg="[filebeat] Starting (exec driver)" 
time="2018-06-04T11:01:42-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 3/3." 
time="2018-06-04T11:01:42-04:00" level=info msg="[winlogbeat] Stopping" 
time="2018-06-04T11:01:42-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 3/3." 
time="2018-06-04T11:01:42-04:00" level=info msg="[filebeat] Stopping" 
time="2018-06-04T11:01:44-04:00" level=info msg="[winlogbeat] Starting (exec driver)" 
time="2018-06-04T11:01:44-04:00" level=info msg="[filebeat] Starting (exec driver)" 
time="2018-06-04T11:01:45-04:00" level=error msg="[winlogbeat] Unable to start collector after 3 tries, giving up!" 

filebeat_stderr.log:

filebeat2018/06/04 15:01:35.429813 beat.go:635: CRIT Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml: The system cannot find the file specified.
Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml: The system cannot find the file specified.

winlogbeat_stderr.log:

winlogbeat2018/06/04 15:01:35.452818 beat.go:635: CRIT Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml: The system cannot find the file specified.
Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml: The system cannot find the file specified.

  5. Confirmed no files are being created in C:\Program Files\Graylog\collector-sidecar\generated

Configuration File

server_url: http://server-fqdn:9000/api 
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: graylog-collector-sidecar
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
cache_path: C:\Program Files\graylog\collector-sidecar\cache
log_path: C:\Program Files\graylog\collector-sidecar\logs
log_rotation_time: 86400
log_max_age: 604800
tags: [windows]
backends:
    - name: nxlog
      enabled: false
      binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
      configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf
    - name: winlogbeat
      enabled: true
      binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe
      configuration_path: C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml
    - name: filebeat
      enabled: true
      binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe
      configuration_path: C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml

Environment

  • Sidecar Version: 0.1.6-1 (latest)
  • Graylog Version: 2.4.5+8e18e6a
  • Operating System: Ubuntu 16.04
  • Elasticsearch Version: 5.6.7
  • MongoDB Version: 3.4.15
  • Target System: Server 2012R2

Attempted resolutions

  1. Run as Administrator.
  2. Run as Local Administrator.
  3. Place quotes in directory locations of .yml configuration file.

If need be, I can submit this on GitHub Issues.

Figured it out. Needed to finish the Step-By-Step and create my Beats Input in Graylog.
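
Added example, not part of the original posts or of the Graylog project: a Python triage of the two kinds of logs quoted in this thread. It separates a backend that is crash-looping because its generated configuration file was never written from one that fails for some other reason. The sample lines are copied from the thread, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the logs quoted in this thread.
SIDECAR_LOG = r'''time="2018-06-04T11:01:36-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 1/3."
time="2018-06-04T11:01:36-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 1/3."
time="2018-06-04T11:01:42-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 3/3."
time="2018-06-04T11:01:45-04:00" level=error msg="[winlogbeat] Unable to start collector after 3 tries, giving up!"
'''
STDERR_LOGS = {
    "winlogbeat": r"Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml: The system cannot find the file specified.",
    "filebeat": r"Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml: The system cannot find the file specified.",
}

LINE_RE = re.compile(r'time="(?P<time>[^"]+)" level=(?P<level>\w+) msg="\[(?P<backend>[^\]]+)\] (?P<msg>.*)"')
RESTART_RE = re.compile(r"trying to restart (\d+)/(\d+)")
MISSING_RE = re.compile(r"error loading config file: open (?P<path>.+?): The system cannot find the file specified")

def triage(sidecar_log, stderr_logs):
    """Return per-backend restart count, give-up flag and missing config path."""
    status = defaultdict(lambda: {"restarts": 0, "gave_up": False, "missing_config": None})
    for line in sidecar_log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["level"] != "error":
            continue
        entry = status[m["backend"]]
        r = RESTART_RE.search(m["msg"])
        if r:
            entry["restarts"] = max(entry["restarts"], int(r.group(1)))
        elif "giving up" in m["msg"]:
            entry["gave_up"] = True
    for backend, text in stderr_logs.items():
        m = MISSING_RE.search(text)
        if m:
            status[backend]["missing_config"] = m["path"]
    return dict(status)

def findings(status):
    """Turn the status table into one line per affected backend."""
    out = []
    for backend, s in sorted(status.items()):
        if s["missing_config"]:
            # In this thread the fix was server-side: creating the Beats input.
            out.append(f"{backend}: generated config absent ({s['missing_config']}); "
                       "finish the server-side setup before debugging the host")
        elif s["gave_up"] or s["restarts"]:
            out.append(f"{backend}: crash loop, see its stderr log")
    return out
```
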
