I got collector-sidecar to work on my Windows systems and here are some tips. I'm using the latest Graylog in Docker.


   - Update your Graylog configuration to use GRAYLOG_WEB_ENDPOINT_URI if you haven't already, since this URI can now be under the same port as the web interface.
   - Beats uses TCP by default; make sure you're forwarding the right protocol for port 5044.
   - Install the right architecture of the collector-sidecar. If you get it wrong it will be looking for config files in the wrong places.
   - Collector-sidecar needs permission to write into the Program Files directories or you'll get errors about the content ID. Running it manually will usually result in UAC blocking the changes. Either run it as an administrator or install it as a service and give its service user write permission on its Program Files directory.
   - No changes should be necessary to the configuration if you entered the right information during installation. If collector-sidecar doesn't connect, troubleshoot permissions and connections to the Graylog URI.
   - Even if the configuration fails, the collector will show up in the list of collectors in Graylog if the connection is made.
   - Both winlogbeats and filebeats need some kind of configuration or the collector will show as failed. You need two inputs and two outputs, one each for filebeats and one each for winlogbeats.
   - In the output configuration, make sure you get the syntax right for the host to connect to. You're making a JSON array of strings, so you need the brackets and single quotes around the IP/hostname:port.
   - When winlogbeats first connects, it will dump the entire event log to Graylog, which could take a long time and take a lot of bandwidth.


If there's a way to only get the tail of the logs I haven't found it yet. I also haven't yet figured out how configuration precedence works if two tags have different configurations.


To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c0b5053c-274c-40ad-9aad-79e93e5097bf%40googlegroups.com.
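The output-syntax tip above (a bracketed list of quoted 'host:port' strings pointing at the Graylog Beats input on TCP 5044) is easy to get wrong in the web form. The following is an added example, not code from the post or from the collector-sidecar project: a small validator that parses the hosts value the way the sidecar form expects it and reports the common mistakes before the collector goes to "failed". The 5044 default and the host:port shape come from the post; everything else is constructed.

```python
"""Validate the 'hosts' value of a Graylog collector-sidecar Beats output.

The sidecar form expects a list of "host:port" strings written like
['10.0.0.5:5044']. This checks that shape and parses each entry.
"""
import ast
import re

DEFAULT_BEATS_PORT = 5044  # Graylog Beats input default, as in the post

# host may be a hostname, an IPv4 address, or a bracketed IPv6 literal
_HOSTPORT = re.compile(
    r"^(?P<host>\[[0-9A-Fa-f:]+\]|[^\s:/\[\]]+):(?P<port>\d{1,5})$"
)


def parse_hosts(value):
    """Return (entries, problems) for a sidecar 'hosts' setting.

    entries  -> list of (host, port) tuples successfully parsed
    problems -> list of human-readable findings for the operator
    """
    problems = []
    text = value.strip()
    if not (text.startswith("[") and text.endswith("]")):
        problems.append("value must be a bracketed list, e.g. ['host:5044']")
        return [], problems
    try:
        # literal_eval accepts both 'single' and "double" quoted strings
        items = ast.literal_eval(text)
    except (ValueError, SyntaxError):
        items = None
    if not isinstance(items, list) or not all(isinstance(i, str) for i in items):
        problems.append("entries must be quoted strings inside the brackets")
        return [], problems
    if not items:
        problems.append("list is empty; at least one host:port is required")
    entries = []
    for item in items:
        m = _HOSTPORT.match(item)
        if not m:
            problems.append(f"{item!r} is not host:port")
            continue
        host, port = m.group("host"), int(m.group("port"))
        if not 1 <= port <= 65535:
            problems.append(f"{item!r}: port out of range")
            continue
        if port != DEFAULT_BEATS_PORT:
            problems.append(f"{item!r}: port is not the Beats default "
                            f"{DEFAULT_BEATS_PORT}; confirm the input listens there over TCP")
        entries.append((host, port))
    return entries, problems
```

Run it against the exact string you typed into the output form; an empty problems list means the value is at least well-formed, though it does not prove the port is reachable.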