Hi everyone, I’m new to Graylog and I have some difficulties with Winlogbeat.
I can’t see all the Winlogbeat instances on the sidecar list page.
I have deployed sidecar on approximately 60 Windows boxes.
On the sidecar/administration page I see only 25.
On the input page there are always max 25 active connections.
I have already rebooted the server and reinstalled some Winlogbeat instances.
How can I resolve my issue?
Do I need an enterprise license to add more than 25 input connections?
No, this area is unlimited. Check the System/Sidecar/overview page to see if the sidecars are running and configurations are applied to all of them. On the Windows machines that are not reporting there are log files you can examine (default location is: C:\Program Files\Graylog\sidecar\logs). You can post up log snippets (using the </> forum tool to make code/logs pretty and obfuscating where needed) if you have further questions…
Here are some logs from Windows machines that are not reporting:
time="2022-08-04T11:56:45+02:00" level=info msg="Starting signal distributor"
time="2022-08-04T11:57:16+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://x.x.x.x:9000/api%20/sidecars/xxxx\": dial tcp x.x.x.x:9000: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
time="2022-08-04T12:47:14+02:00" level=error msg="[UpdateRegistration] Bad response from Graylog server: 404 Not Found"
time="2022-08-04T16:43:56+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://x.x.x.x:9000/api%20/sidecars/2c5b7b80-53f8-44f0-b5ba-feace31c8199\": EOF"
time="2022-08-04T16:44:08+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://x.x.x.x:9000/api%20/sidecars/2c5b7b80-53f8-44f0-b5ba-feace31c8199\": dial tcp x.x.x.x:9000: connectex: No connection could be made because the target machine actively refused it."
time="2022-08-04T17:48:49+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://x.x.x.x:9000/api%20/sidecars/2c5b7b80-53f8-44f0-b5ba-feace31c8199\": read tcp x.x.x.x:59029->172.17.4.24:9000: wsarecv: An existing connection was forcibly closed by the remote host."
"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
"No connection could be made because the target machine actively refused it."
You could try this if your TCP connection is not configured correctly.
# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: true
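A small triage script for sidecar log lines like the ones posted above, added here as an example; it is not part of the thread or of Graylog's own code. The sample lines are constructed, the cause labels are this example's own, and `server_url` is assumed to be the sidecar setting the request URL is built from.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log excerpts in this thread
# (192.0.2.x addresses and <node-id> are placeholders).
SAMPLE_LOG = r'''
time="2022-08-04T11:56:45+02:00" level=info msg="Starting signal distributor"
time="2022-08-04T11:57:16+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://192.0.2.10:9000/api%20/sidecars/<node-id>\": dial tcp 192.0.2.10:9000: connectex: A connection attempt failed because the connected party did not properly respond after a period of time"
time="2022-08-04T12:47:14+02:00" level=error msg="[UpdateRegistration] Bad response from Graylog server: 404 Not Found"
time="2022-08-04T16:43:56+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://192.0.2.10:9000/api%20/sidecars/<node-id>\": EOF"
time="2022-08-04T16:44:08+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://192.0.2.10:9000/api%20/sidecars/<node-id>\": dial tcp 192.0.2.10:9000: connectex: No connection could be made because the target machine actively refused it."
time="2022-08-04T17:48:49+02:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put \"http://192.0.2.10:9000/api%20/sidecars/<node-id>\": read tcp 192.0.2.20:59029->192.0.2.10:9000: wsarecv: An existing connection was forcibly closed by the remote host."
'''

LINE_RE = re.compile(r'time="([^"]+)" level=(\w+) msg="(.*)"$')
URL_RE = re.compile(r'(https?)://([^\\"\s]+)')
CAUSES = [  # first matching pattern wins
    ("timeout", re.compile(r"did not properly respond")),
    ("refused", re.compile(r"actively refused")),
    ("reset", re.compile(r"forcibly closed")),
    ("http_error", re.compile(r"Bad response from Graylog server: \d{3}")),
    ("eof", re.compile(r"EOF$")),
]

def triage(log_text):
    """Return (Counter of failure causes, set of configuration notes)."""
    counts, notes = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "error":
            continue  # skip blank, unparsable and non-error lines
        msg = m.group(3)
        counts[next((n for n, rx in CAUSES if rx.search(msg)), "other")] += 1
        url = URL_RE.search(msg)
        if url and "%20" in url.group(2):
            # %20 is an encoded space inside the request path
            notes.add("encoded space in request path: check server_url for a stray space")
        if url and url.group(1) == "http":
            # TLS verification settings only affect https:// endpoints
            notes.add("plain http endpoint: tls_skip_verify has no effect")
    return counts, notes

if __name__ == "__main__":
    causes, notes = triage(SAMPLE_LOG)
    print(dict(causes))
    print(sorted(notes))
```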