Graylog2 / collector-sidecar

Manage log collectors through Graylog
https://www.graylog.org/

Upgrading sidecar from 1.1 to 1.2 #432

Closed H2Cyber closed 1 year ago

H2Cyber commented 2 years ago

I have a fleet of Windows Sidecar v1.1 and I want to upgrade them to 1.2. What would be the simplest recommended way to do so? Do I have to uninstall v1.1 first?

mpfz0r commented 2 years ago

@H2Cyber

I think the easiest workaround for now is to manually stop the Sidecar Windows service. Once it's stopped, you can run the 1.2 Sidecar installer and perform a regular installation.

An alternative would be to use our Chocolatey package, which does that automatically. https://community.chocolatey.org/packages/graylog-sidecar

mpfz0r commented 2 years ago

Maybe a safe way is to fully uninstall the service first:

"C:\Program Files\Graylog\graylog-sidecar.exe" -service stop 
"C:\Program Files\Graylog\graylog-sidecar.exe" -service uninstall

This might be needed to apply our fix for https://github.com/Graylog2/collector-sidecar/issues/421

H2Cyber commented 2 years ago

@mpfz0r thanks.

Would uninstalling and reinstalling create a new sidecar entry in Graylog? Or would Graylog recognise the fact that the endpoint is the same?

mpfz0r commented 2 years ago

@H2Cyber Yeah, it would :-( See #365. But you could copy the node-id file and restore it afterwards. That should do the trick.
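
The steps from the comments above (stop and uninstall the service, run the 1.2 installer, copy the node-id file and restore it afterwards) as one PowerShell script. This is an added example, not part of the thread and not code from the Graylog project. `$NodeIdPath`, `$InstallerPath` and `$BackupDir` are placeholders to fill in, and `-service install` / `-service start` are sidecar options that the thread itself does not show.

```powershell
#Requires -RunAsAdministrator
param(
    # Executable path as written in the thread.
    [string]$SidecarExe = 'C:\Program Files\Graylog\graylog-sidecar.exe',
    # Placeholders (assumptions): supply the real locations on your host.
    [Parameter(Mandatory)][string]$NodeIdPath,     # existing node-id file
    [Parameter(Mandatory)][string]$InstallerPath,  # downloaded 1.2 installer
    [string]$BackupDir = (Join-Path $env:TEMP 'sidecar-upgrade')
)
$ErrorActionPreference = 'Stop'

# 1. Save the node-id before anything touches the installation.
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
$backup = Join-Path $BackupDir 'node-id'
Copy-Item -LiteralPath $NodeIdPath -Destination $backup -Force
$oldId = ([string](Get-Content -LiteralPath $backup -Raw)).Trim()
if (-not $oldId) { throw "node-id at $NodeIdPath is empty, aborting" }

# 2. Stop and unregister the service (the two commands from the thread).
& $SidecarExe -service stop          # non-zero exit is fine if already stopped
& $SidecarExe -service uninstall
if ($LASTEXITCODE -ne 0) { throw "service uninstall failed ($LASTEXITCODE)" }

# 3. Regular installation of the new version; wait for the installer to exit.
$proc = Start-Process -FilePath $InstallerPath -Wait -PassThru
if ($proc.ExitCode -ne 0) { throw "installer exited with $($proc.ExitCode)" }

# 4. Restore the saved node-id before the service is started again.
& $SidecarExe -service stop          # in case the installer started it
Copy-Item -LiteralPath $backup -Destination $NodeIdPath -Force

# 5. Register and start the service (sidecar options not shown in the thread;
#    "install" reports an error if the installer already registered it).
& $SidecarExe -service install
& $SidecarExe -service start
if ($LASTEXITCODE -ne 0) { throw "service start failed ($LASTEXITCODE)" }

# 6. Confirm the running sidecar kept the old identity.
Start-Sleep -Seconds 10
$newId = ([string](Get-Content -LiteralPath $NodeIdPath -Raw)).Trim()
if ($newId -ne $oldId) {
    Write-Warning "node-id changed: $oldId -> $newId (Graylog will list a new sidecar)"
} else {
    Write-Output "node-id preserved: $newId"
}
```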

Jenda2022 commented 1 year ago

Hello,

I would like to ask you folks if someone has the same experience and maybe a solution. I have a WinServer2019, sidecar v1.1.0 with unknown status in GL. I was thinking the upgrade to v1.2.0 can solve the problem with the connection to GL. After the upgrade and replacement of the files sidecar.yml and node-id from backup, the sidecar upgrade was visible on the GL server after approx. 2 hrs and the problem with unknown status remains. What is different is that the node-id has been changed after all.

Thank you so much in advance. Regards, Jan.

mpfz0r commented 1 year ago

@Jenda2022 the unknown status likely has a different cause. Have you checked the logs of the sidecar and graylog for any errors?

Jenda2022 commented 1 year ago

> @Jenda2022 the unknown status likely has a different cause. Have you checked the logs of the sidecar and graylog for any errors?

Hello,

I checked the sidecar in debug mode:

time="2022-10-07T20:04:14+02:00" level=info msg="Starting signal distributor"
time="2022-10-07T20:53:15+02:00" level=error msg="Got action for non-existing collector: 61658f0fb678146f61433586"
time="2022-10-07T20:53:15+02:00" level=error msg="Got action for non-existing collector: 61658f10b678146f61433589"
time="2022-10-07T20:53:15+02:00" level=info msg="Adding process runner for: filebeat"
time="2022-10-07T20:53:15+02:00" level=info msg="Adding process runner for: winlogbeat"
time="2022-10-07T20:53:15+02:00" level=info msg="[filebeat] Configuration change detected, rewriting configuration file."
time="2022-10-07T20:53:16+02:00" level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time="2022-10-07T20:53:16+02:00" level=info msg="[filebeat] Starting (svc driver)"
time="2022-10-07T20:53:16+02:00" level=info msg="[winlogbeat] Starting (svc driver)"
time="2022-10-10T16:16:08+02:00" level=info msg="[winlogbeat] Got remote restart command"
time="2022-10-10T16:16:08+02:00" level=info msg="[winlogbeat] Stopping"
time="2022-10-10T16:16:09+02:00" level=info msg="[winlogbeat] Starting (svc driver)"
time="2022-10-14T11:55:21+02:00" level=info msg="Stopping signal distributor"
time="2022-10-14T11:55:21+02:00" level=info msg="[filebeat] Stopping"
time="2022-10-14T11:55:21+02:00" level=info msg="[winlogbeat] Stopping"
time="2022-10-14T11:57:31+02:00" level=info msg="Starting signal distributor"
time="2022-10-14T12:00:51+02:00" level=info msg="Stopping signal distributor"