Problem description
Unable to start Sidecar Installation. File are not being created in the “Generated” folder (see issue https://github.com/Graylog2/collector-sidecar/issues/216). Not sure why that issue was closed.
Steps to reproduce the problem
-
Run Powershell or CMD Command:
collector_sidecar_installer_0.1.6-1.exe /S -SERVERURL=http://server-fqdn:9000/api -TAGS="windows"
-
C:\Program Files\graylog\collector-sidecar\graylog-collector-sidecar.exe -service install
-
C:\Program Files\graylog\collector-sidecar\graylog-collector-sidecar.exe -service start
-
View error logs:
collector_sidecar.log:
time="2018-06-04T11:01:35-04:00" level=info msg="Starting signal distributor"
time="2018-06-04T11:01:35-04:00" level=info msg="[winlogbeat] Starting (exec driver)"
time="2018-06-04T11:01:35-04:00" level=info msg="[filebeat] Starting (exec driver)"
time="2018-06-04T11:01:36-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 1/3."
time="2018-06-04T11:01:36-04:00" level=info msg="[winlogbeat] Stopping"
time="2018-06-04T11:01:36-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 1/3."
time="2018-06-04T11:01:36-04:00" level=info msg="[filebeat] Stopping"
time="2018-06-04T11:01:38-04:00" level=info msg="[winlogbeat] Starting (exec driver)"
time="2018-06-04T11:01:38-04:00" level=info msg="[filebeat] Starting (exec driver)"
time="2018-06-04T11:01:39-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 2/3."
time="2018-06-04T11:01:39-04:00" level=info msg="[winlogbeat] Stopping"
time="2018-06-04T11:01:39-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 2/3."
time="2018-06-04T11:01:39-04:00" level=info msg="[filebeat] Stopping"
time="2018-06-04T11:01:41-04:00" level=info msg="[winlogbeat] Starting (exec driver)"
time="2018-06-04T11:01:41-04:00" level=info msg="[filebeat] Starting (exec driver)"
time="2018-06-04T11:01:42-04:00" level=error msg="[winlogbeat] Backend finished unexpectedly, trying to restart 3/3."
time="2018-06-04T11:01:42-04:00" level=info msg="[winlogbeat] Stopping"
time="2018-06-04T11:01:42-04:00" level=error msg="[filebeat] Backend finished unexpectedly, trying to restart 3/3."
time="2018-06-04T11:01:42-04:00" level=info msg="[filebeat] Stopping"
time="2018-06-04T11:01:44-04:00" level=info msg="[winlogbeat] Starting (exec driver)"
time="2018-06-04T11:01:44-04:00" level=info msg="[filebeat] Starting (exec driver)"
time="2018-06-04T11:01:45-04:00" level=error msg="[winlogbeat] Unable to start collector after 3 tries, giving up!"
filebeat_stderr.log.
filebeat2018/06/04 15:01:35.429813 beat.go:635: CRIT Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml: The system cannot find the file specified.
Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml: The system cannot find the file specified.
winlogbeat_stderr.log.
winlogbeat2018/06/04 15:01:35.452818 beat.go:635: CRIT Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml: The system cannot find the file specified.
Exiting: error loading config file: open C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml: The system cannot find the file specified.
- Confirmed no files are being created in
C:\Program Files\Graylog\collector-sidecar\generated
Configuration File
server_url: http://server-fqdn:9000/api
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: graylog-collector-sidecar
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
cache_path: C:\Program Files\graylog\collector-sidecar\cache
log_path: C:\Program Files\graylog\collector-sidecar\logs
log_rotation_time: 86400
log_max_age: 604800
tags: [windows]
backends:
- name: nxlog
enabled: false
binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf
- name: winlogbeat
enabled: true
binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe
configuration_path: C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml
- name: filebeat
enabled: true
binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe
configuration_path: C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml
Environment
- Sidecar Version: 0.1.6-1 (latest)
- Graylog Version: 2.4.5+8e18e6a
- Operating System: Ubuntu 16.04
- Elasticsearch Version: 5.6.7
- MongoDB Version: 3.4.15
- Target System: Server 2012R2
Attempted resolutions
- Run as Administrator.
- Run as Local Administrator.
- Place quotes in directory locations of .yml configuration file.
If need be, I can submit this on GIthub Issues.