Thanks for this! Finally got Graylog to work with Windows
yw
Great video ! simple, clear to understand and it works.
And next time, Windows search "cmd" and you immediately have your command prompt ;)
Thanks for the tip!
awesome, works as a charm! super clear and understandable! thanks!
yw
Great tutorial, thank you! Got it working.
Thanks Alexandros
thanks for the video , very useful for sidecar configuration
shameera hasan thanks
Great document - many thanks
Glad you enjoyed it
Thanks man, it helps
yw
Have you tried using filebeat? I'm having problems with sending out particular logs from IIS
so far no, but try to read this community.graylog.org/t/problem-with-filebeat-configuration-on-windows/9991
hopefully you'll find the answer there
Hi, is the server API token unique to each node? Or could I use one token for a group of computers (e.g. computers with Windows 10)? Thanks for reply :-)
The API token is unique to every sidecar instance that you create and can be used by any Windows/Linux machines that want to send logs to Graylog. Let's say you configure a sidecar for Windows: you can use the same API token on 1 or more Windows machines that you want to collect the logs from.
Thanks bro works good.
I have only 1 issue: winlogbeat only sends application and system logs, not security logs
check what exactly your beat app monitors for or maybe your windows is not configured to send the right information
I am not getting the messages coming from the node. The service is running on the remote machine; what would be the possible mistakes? Sidecar beats shows message as failed
The tutorial was done on Graylog version 3.0.1.
Please make sure the Graylog server and your Windows machine match the time; they should be synced with NTP.
More than this, please make sure you follow the tutorial step by step.
If you make sure you have all of the above, it should work 100%
How did you get the Graylog API url? I entered the same url as you entered but cannot be reached. Sorry
it might have changed, check the official doc
There's nothing listening on port 9000. At what point did we get that?
Can you help me? I tried the steps above a couple of times but still no incoming message on my Graylog server. TIA
check your firewall, check to see if the date and time is the same, do a tcp dump to see if you actually get the messages on the interface
Tried the same instruction still not receiving any messages
double checked the time zone both are in same zone with proper sync
try to review the steps and redo the process, it should work without any issues
Hi, I get the error: failed to connect to backoff... tcp took too long to respond. I am using the same IP as my Graylog
try to check the FW settings
same here . did you finally run yours?
@benjaminlucas9818 most probably you are doing something wrong somewhere... go through the steps again, check the date and time (it must match), check the ports you are listening on on the Graylog server (netstat -tulpn), check to see if the input is started.
I need to permit it in the firewall; on CentOS, for example, it is: firewall-cmd --permanent --add-port=5044/tcp