Graylog: Installing the Sidecar

1. Graylog-Server collector configuration 

1.1 Click the Launch new input button to open a new form. Check the Global box and make sure the port field is set to 5044.

1.2 nxlog configuration

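NXLog on Ubuntu
Install the NXLog package from the official NXLog download page. Because Sidecar takes control of stopping and starting NXLog, it is necessary to stop all running NXLog instances and unconfigure the default system service:
sudo /etc/init.d/nxlog stop
sudo update-rc.d -f nxlog remove
sudo gpasswd -a nxlog adm
sudo chown -R nxlog:nxlog /var/spool/nxlog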

NXLog on CentOS. The same applies on RedHat-based systems:
sudo service nxlog stop
sudo chkconfig --del nxlog
sudo gpasswd -a nxlog root
sudo chown -R nxlog:nxlog /var/spool/nxlog

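NXLog on Windows
Install the NXLog package from the official download page https://nxlog.co/downloads/nxlog-ce#nxlog-community-edition and deactivate the system service. We only need the binaries installed on the system:
"C:\Program Files (x86)\nxlog\nxlog" -u
(When using PowerShell, prefix the command with &.)

-----------------------------------I have not looked into NXLog myself; the above is attached for reference. If you do not need it, just skip it.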

 

 2. Windows client installation

2.1 Now that you have access to the API token, you need to run the Windows Sidecar installer. First download these two packages: "filebeat-8.7.1-windows-x86_64" and "graylog_sidecar_installer_1.4.0-1".

2.2 Install either one first. The following describes the information to fill in during the graylog_sidecar_installer_1.4.0-1 installation:

 3. Linux client installation:

3.1 Place the packages filebeat-8.7.1-x86_64.rpm and graylog-sidecar-1.4.0-1.x86_64.rpm in the /opt directory.

3.2 Enter the directory and execute the following two commands, then modify the graylog-sidecar configuration file:

rpm -ivh filebeat-8.7.1-x86_64.rpm graylog-sidecar-1.4.0-1.x86_64.rpm 
graylog-sidecar -service install
vi /etc/graylog/sidecar/sidecar.yml

3.3 After making the changes, save and exit with :wq, then execute the following command:

systemctl enable graylog-sidecar && systemctl start graylog-sidecar && systemctl status graylog-sidecar

3.4 This means that the installation is complete and the graylog-sidecar service is enabled:

4. Go back to the Graylog console and add the device to the platform:

4.1 Configuration template: Collectors Configuration

4.2 Find Collectors Administration under the System / Sidecars item and edit the filebeat configuration

 

4.3 Go back to the Inputs item and click Start input; logs are collected once the input is running.

The download and installation instructions that follow can be used alongside the official documentation: Graylog Sidecar

Troubleshooting errors:

vi /etc/elasticsearch/jvm.options
vi /etc/opensearch/jvm.options
vi /etc/sysconfig/graylog-server
vi /etc/sysconfig/elasticsearch

 

Graylog Sidecar is a lightweight configuration management system for different log collectors, also known as Backends. Graylog nodes act as centralized hubs containing log collector configurations. Sidecars can run as a service (Windows hosts) or a daemon (Linux hosts) on supported message generating devices/hosts.

You can get the .deb and .rpm packages of Graylog Sidecar in our package repository. Installers can be downloaded from the Graylog2/collector-sidecar Releases page on GitHub. Please follow the version matrix to choose the appropriate package:

Ubuntu

wget https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_1-5_all.deb
sudo dpkg -i graylog-sidecar-repository_1-5_all.deb
sudo apt-get update && sudo apt-get install graylog-sidecar            
-----------------------------------------------------------------------------------
sudo vi /etc/graylog/sidecar/sidecar.yml
sudo graylog-sidecar -service install

# Ubuntu 14.04 with Upstart
sudo start graylog-sidecar

# Ubuntu 16.04 and later with systemd
sudo systemctl enable graylog-sidecar
sudo systemctl start graylog-sidecar

CentOS

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-sidecar-repository-1-5.noarch.rpm
sudo yum install graylog-sidecar
-----------------------------------------------------------------------------------
sudo vi /etc/graylog/sidecar/sidecar.yml

sudo graylog-sidecar -service install
sudo systemctl enable graylog-sidecar
sudo systemctl start graylog-sidecar        
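
Both the RPM procedure in section 3 and the repository installs above edit /etc/graylog/sidecar/sidecar.yml before starting the service. The script below is an added example, not part of the original post or of Graylog's tooling, that checks the edited file for a non-HTTPS server_url, tls_skip_verify set to true, an empty server_api_token, and file permissions that expose the token; the hostname, the token value and the chmod 600 target are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Graylog's own tooling: audit sidecar.yml before starting
# the service. The checks are this example's assumptions about a safe setup.

# Print the value of a top-level "key: value" line, minus quotes and comments.
yaml_get() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# audit_sidecar_yml FILE: one finding per line on stdout, returns 1 if any.
audit_sidecar_yml() {
    f=$1
    findings=0
    case $(yaml_get server_url "$f") in
        https://*) ;;
        *) echo "server_url is not https: the API token crosses the network unencrypted"
           findings=1 ;;
    esac
    if [ "$(yaml_get tls_skip_verify "$f")" = "true" ]; then
        echo "tls_skip_verify is true: the server certificate is not verified"
        findings=1
    fi
    if [ -z "$(yaml_get server_api_token "$f")" ]; then
        echo "server_api_token is empty: the Sidecar cannot authenticate"
        findings=1
    fi
    # The file stores the API token, so only its owner should be able to read it.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        *00) ;;
        *) echo "file mode is $mode: token readable by group or other (chmod 600)"
           findings=1 ;;
    esac
    return "$findings"
}

# Constructed sample of a weak configuration (all values are placeholders).
sample_weak_config() {
    cat <<'EOF'
server_url: "http://graylog.example.internal:9000/api/"
server_api_token: "PLACEHOLDER-TOKEN"
node_name: "web01"
tls_skip_verify: true
EOF
}

# Usage: sh audit_sidecar.sh /etc/graylog/sidecar/sidecar.yml
if [ "$#" -gt 0 ]; then audit_sidecar_yml "$1"; fi
```

A commented-out key such as #tls_skip_verify is treated as unset, so the Sidecar default applies and no finding is raised for it.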

Windows (Prerequisites)

To start using Sidecar on Windows, make sure the following requirements are met:

Origin blog.csdn.net/shanxun1012/article/details/130894843