mpfz0r
commented
5 years ago First of all, thank you for your detailed bug report :+1:
In your screenshot at step 7 you can see that the sidecar fails to find the filebeat binary.
Please see: http://docs.graylog.org/en/3.0/pages/sidecar.html#install-new-sidecar
Note: In case you were using filebeat on Linux, please make sure to also install the official collector package, since the filebeat binary is not part of the Sidecar package anymore.
And http://docs.graylog.org/en/3.0/pages/sidecar.html#beats-on-linux in addition
LuisFFFerreira
Problem description
We have installed collector-sidecar version 1.0.0 to get the logs from an ubuntu machine 18.04 and graylog server 3.0. The issue that I am facing is when we upload the filebeat configuration its returned a failing error that the ubuntu machine cannot start validation command: fork/exec /usr/share/filebeat/bin/filebeat: no such file or directory.
After some troubleshooting we discovered that filebeat is not being installed with graylog-sidecar, to test this we installed "filebeat-6.6.1-amd64.deb" package and the error disapears and everything goes back to normal.
Steps to reproduce the problem
Graylog-Sidecar installation as usual;
Only configured server_url and server_api_token on sidecar.yml file;
Graylog-sidecar appears to be running ok;
Client machine appears as "running" on graylog web interface;
Configured filebeat as default with changes only of host IP;
Configuration was added to client machine and failed;
Graylog-sidecar on client machine with error (yellow lines);
We can see the same error on graylog logs;
We can see that filebeat is not installed with graylog-sidecar, the only file with "filebeat" as name is filebeat.conf in /var/lib/graylog-sidecar/generated;
We can see that filebeat.conf is uploaded to the client with no problems.
Environment