Hi All, I am having a lot of trouble getting a basic collecotr-sidecar w/ winlogbeat setup to work:
Having just installed the graylog virtual appliance, I set about configuring a collector on one of the remote machines I want to monitor. The remote machine is running windows 2012 Server R2 64bit. I successfully installed the graylog-collector sidecar and was able to pull down a very basic winlogbeat configuration, which was promptly placed at generated/winlogbeat.yml. So far, so good. However, when I try to run the sidecar, winlogbeat exits with an error about not being able to find the configuration file: Loading config file error: Failed to read "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, directory name, or volume label syntax is incorrect.. Exiting. The error message is mistifying as the indicated path *does* exist! Indeed, if I run winlogbeat from the command console as follows, it completes without complaint: C:\Program Files\graylog\collector-sidecar>winlogbeat.exe -c "C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml" -configtest Can anyone help me figure out why the sidecar is not able to start winlogbeat successfully? Some more details on my setup are below Thanks, Alex *graylog-collector-sidecar release*:0.1.0-alpha.2 <https://github.com/Graylog2/collector-sidecar/releases/tag/0.1.0-alpha.2> *collector-sidecar.yml:* server_url: http://devopslogs.datcon.co.uk/api update_interval: 10 tls_skip_verify: false send_status: true list_log_files: node_id: graylog-collector-sidecar collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id log_path: C:\Program Files\graylog\collector-sidecar log_rotation_time: 86400 log_max_age: 604800 tags: [windows, iis] backends: - name: nxlog enabled: false binary_path: C:\Program Files (x86)\nxlog\nxlog.exe configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf - name: winlogbeat enabled: true binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe configuration_path: 'C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml' - name: filebeat enabled: true binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe configuration_path: 'C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml' *generated/winlogbeat.yml* output: logstash: hosts: - devopslogs:5044 shipper: tags: - windows - iis winlogbeat: event_logs: - name: Application - name: System - name: Security *Graylog:*v2.1.1+01d50e5 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c3773ab6-b402-46f9-9f4a-d1bc128a9865%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
