search

Graylog2 / collector-sidecar

Manage log collectors through Graylog
https://www.graylog.org/
Other
268 stars 56 forks source link

Sidecar doesn't generate a node-id file when necessary #422

Closed aidenmitchell closed 2 years ago

aidenmitchell commented 2 years ago

Problem description

Sidecar fails to launch on my Windows server, as it isn't generating a node-id. The file never seems to appear.

time="2022-03-10T18:52:40-08:00" level=info msg="node-id file doesn't exist, generating a new one"
time="2022-03-10T18:52:40-08:00" level=fatal msg="Can not read node-id file: open C:\\ProgramFiles\\Graylog\\sidecar\\node-id: The system cannot find the file specified."

Steps to reproduce the problem

  1. Install Sidecar with the .exe
  2. Launch Sidecar via the command line from C:\Program Files\Graylog\sidecar

Environment

boosty commented 2 years ago

The log line says C:\\ProgramFiles\, while the steps to reproduce say C:\Program Files\ 🤔

aidenmitchell commented 2 years ago

I assume that's the way it's logged, with no spaces? The Program Files directory has a space usually.

mpfz0r commented 2 years ago

@aidenmitchell

Can you show us your sidecar.yml config. especially the node_id config?

aidenmitchell commented 2 years ago 
# The URL to the Graylog server API.
# Default: "http://127.0.0.1:9000/api/"
server_url: "http://172.16.1.15:9111/api"

# The API token to use to authenticate against the Graylog server API.
# Default: none
server_api_token: "REDACTED"

# The node ID of the sidecar. This can be a path to a file or an ID string.
# If set to a file and the file doesn't exist, the sidecar will generate an
# unique ID and writes it to the configured path.
#
# Example file path: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
# Example ID string: "6033137e-d56b-47fc-9762-cd699c11a5a9"
#
# ATTENTION: Every sidecar instance needs a unique ID!
#
# Default: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"

# The node name of the sidecar. If this is empty, the sidecar will use the
# hostname of the host it is running on.
# Default: ""
node_name: ""

# The update interval in secods. This configures how often the sidecar will
# contact the Graylog server for keep-alive and configuration update requests.
# Default: 10
update_interval: 10

# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: false

# This enables/disables the transmission of detailed sidecar information like
# collector statues, metrics and log file lists. It can be disabled to reduce
# load on the Graylog server if needed. (disables some features in the server UI)
# Default: true
send_status: true

# A list of directories to scan for log files. The sidecar will scan each
# directory for log files and submits them to the server on each update.
#
# Example:
#     list_log_files:
#       - "/var/log/nginx"
#       - "/opt/app/logs"
#
# Default: empty list
#list_log_files: []

# Directory where the sidecar stores internal data.
#cache_path: "C:\\Program Files\\Graylog\\sidecar\\cache"

# Directory where the sidecar stores logs for collectors and the sidecar itself.
#log_path: "C:\\Program Files\\Graylog\\sidecar\\logs"

# The maximum size of the log file before it gets rotated.
#log_rotate_max_file_size: "10MiB"

# The maximum number of old log files to retain.
#log_rotate_keep_files: 10

# Directory where the sidecar generates configurations for collectors.
#collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"

# A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the access list feature.
# Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
# Example:
#     collector_binaries_accesslist:
#       - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
#       - "C:\\Program Files\\Filebeat\\filebeat.exe"
#
# Example disable access listing:
#     collector_binaries_accesslist: []
#
# Default:
collector_binaries_accesslist:
 - "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
 - "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe"
#  - "C:\\Program Files\\Filebeat\\filebeat.exe"
#  - "C:\\Program Files\\Packetbeat\\packetbeat.exe"
#  - "C:\\Program Files\\Metricbeat\\metricbeat.exe"
#  - "C:\\Program Files\\Heartbeat\\heartbeat.exe"
#  - "C:\\Program Files\\Auditbeat\\auditbeat.exe"
#  - "C:\\Program Files (x86)\\nxlog\\nxlog.exe"
thll commented 2 years ago

@aidenmitchell The config looks good and I double-checked that I can run the sidecar on Windows with this node-id setting. However, contrary to what we can see in the log output you pasted, the space in Program Files is clearly visible on my machine.

To rule out any formatting issues of the YAML file, you could also try to comment the node-id specific line. It shouldn't make a difference, because you are using the default anyways:

#node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"

We've added a bit more logging output around writing/reading of the node-id file in https://github.com/Graylog2/collector-sidecar/pull/424. This might be of some help to figure out what's going wrong in the future.