server_url: https://graylog.domain.com/api/ update_interval: 10 tls_skip_verify: false send_status: true list_log_files: node_id: hostname collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id log_path: C:\Program Files\graylog\collector-sidecar log_rotation_time: 86400 log_max_age: 604800 tags: [winsec] backends: - name: nxlog enabled: false binary_path: C:\Program Files (x86)\nxlog\nxlog.exe configuration_path: C:\Program Files\graylog\collector-sidecar\ generated\nxlog.conf - name: winlogbeat enabled: true binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe configuration_path: C:\Program Files\graylog\collector-sidecar\ generated\winlogbeat.yml - name: filebeat enabled: false binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe configuration_path: C:\Program Files\graylog\collector-sidecar\ generated\filebeat.yml
I'm on graylog 2.1.1 and I'm using the collector sidecar 0.1.0-alpha.2 downloaded from github Here's my collector_sidecar.yml and the error log generated below. I'm not doing anything particularly out of the ordinary, I'm just trying to get winlogbeat to collect Security Events and send them back. The winlogbeat.yml file in question is definitely there, because it is being generated by the collector sidecar and placed in the generated directory. I created the configuration in the web interface for a Beats input and output, and have defined the configuration tag "winsec". Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2a7ecdd3-1d38-45ce-bf62-f4b09de52540%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
