Hi Alexander, this seems to be an issue with quoting the parameters for Winlogbeat.
Please create a bug report for this at https://github.com/Graylog2/collector-sidecar/issues. Cheers, Jochen On Thursday, 27 October 2016 19:20:43 UTC+2, Alexander Hermes wrote: > > Hi All, > > I am having a lot of trouble getting a basic collecotr-sidecar w/ > winlogbeat setup to work: > > Having just installed the graylog virtual appliance, I set about > configuring a collector on one of the remote machines I want to monitor. > The remote machine is running windows 2012 Server R2 64bit. > > I successfully installed the graylog-collector sidecar and was able to > pull down a very basic winlogbeat configuration, which was promptly placed > at generated/winlogbeat.yml. So far, so good. However, when I try to run > the sidecar, winlogbeat exits with an error about not being able to find > the configuration file: > > Loading config file error: Failed to read "C:\Program > Files\graylog\collector-sidecar\generated\winlogbeat.yml": open "C:\Program > Files\graylog\collector-sidecar\generated\winlogbeat.yml": The filename, > directory name, or volume label syntax is incorrect.. Exiting. > > The error message is mistifying as the indicated path *does* exist! > Indeed, if I run winlogbeat from the command console as follows, it > completes without complaint: > > C:\Program Files\graylog\collector-sidecar>winlogbeat.exe -c "C:\Program > Files\graylog\collector-sidecar\generated\winlogbeat.yml" -configtest > > Can anyone help me figure out why the sidecar is not able to start > winlogbeat successfully? Some more details on my setup are below > > Thanks, > > Alex > > *graylog-collector-sidecar release*:0.1.0-alpha.2 > <https://github.com/Graylog2/collector-sidecar/releases/tag/0.1.0-alpha.2> > > *collector-sidecar.yml:* > server_url: http://devopslogs.datcon.co.uk/api > update_interval: 10 > tls_skip_verify: false > send_status: true > list_log_files: > node_id: graylog-collector-sidecar > collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id > log_path: C:\Program Files\graylog\collector-sidecar > log_rotation_time: 86400 > log_max_age: 604800 > tags: [windows, iis] > backends: > - name: nxlog > enabled: false > binary_path: C:\Program Files (x86)\nxlog\nxlog.exe > configuration_path: C:\Program > Files\graylog\collector-sidecar\generated\nxlog.conf > - name: winlogbeat > enabled: true > binary_path: C:\Program > Files\graylog\collector-sidecar\winlogbeat.exe > configuration_path: 'C:\Program > Files\graylog\collector-sidecar\generated\winlogbeat.yml' > - name: filebeat > enabled: true > binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe > configuration_path: 'C:\Program > Files\graylog\collector-sidecar\generated\filebeat.yml' > > *generated/winlogbeat.yml* > output: > logstash: > hosts: > - devopslogs:5044 > shipper: > tags: > - windows > - iis > winlogbeat: > event_logs: > - name: Application > - name: System > - name: Security > > > > *Graylog:*v2.1.1+01d50e5 > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2adfbfc6-0f9f-424d-9347-08b4dd1bd22f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
