Version is 0.1.0 (3880fd) [go1.7.4/amd64]

On 15 Dec 2016 10:39, "Marius Sturm" <[email protected]> wrote:

> Hi,
> which sidecar version is this? Could you please stop all those winlogbeat
> processes and try the same with 0.1.0-beta.2
>
> Cheers,
> Marius
>
> On 15 December 2016 at 08:17, CSG <[email protected]> wrote:
> >
> > If I stop the graylog_collector_sidecar service and then run manually
> > winlogbeat -c generated\winlogbeat.yml, all is working fine.
> > I can insert a dummy event and I can see it in graylog web interface.
> >
> > Then, if I stop the manual launch of winlogbeat and restart
> > graylog_collector_sidecar service, the latter launches the
> > winlogbeat.exe process many times.
> >
> > See sockets established, list of processes in taskmgr.
> >
> > If I create a dummy event, it appears several times in graylog2 web
> > interface, probably because many winlogbeat processes are running.
> >
> > One interesting trace is the "service process could not connect to the
> > service controler"
> >
> > On Wednesday, December 14, 2016 at 5:31:04 PM UTC+1, CSG wrote:
> >>
> >> I have installed Graylog Appliance v2.1 (1st machine),
> >> I have installed graylog_collector_sidecar.exe on a Windows 2008 R2
> >> (2nd machine), I have not installed winlogbeat.exe as it is embedded into
> >> the graylog directory
> >>
> >> communication is established between both machines
> >>
> >> I have configured  an input and output on a configuration linked to the
> >> Windows and iis tags (tags found in graylog_collector_sidecar.yml file)
> >>
> >> Graylogserver can see this collector
> >>
> >> When I run graylog_collector_sidecar.exe in a cmd for debug purposes, I
> >> can see that winlogbeat keeps on starting, then crashing with those logs:
> >>
> >>
> >> msg="[Winlogbeat] Starting <exec driver>"
> >> msg="[Winlogbeat] Configuration change detected, rewriting configuration file"
> >> msg="[Winlogbeat] Stopping"
> >> msg="[Winlogbeat] Backend crashed, trying to restart 1/3"
> >> ....
> >> msg="[Winlogbeat] Unable to start collector after 3 tries, giving up"
> >> msg="[Winlogbeat] Starting <exec driver>"
> >>
> >> On Graylog Appliance:
> >> - status of this collector loops between Running and Failing
> >>
> >> How can I avoid these never-ending crashes?
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Graylog Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/graylog2/3e285996-a4e8-4882-93e3-1e1033611ac8%40googlegroups.com.
> >
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Managing Director: Lennart Koopmann (CEO)
>