[root@dev-graylog bin]# ./logstash-plugin install logstash-output-gelf
Validating logstash-output-gelf
Installing logstash-output-gelf
Installation successful
wget https://github.com/Graylog2/collector-sidecar/releases/download/1.0.0/graylog-sidecar-1.0.0-1.x86_64.rpm
tar -vxzf graylog-sidecar-1.0.0-1.x86_64.rpm
sudo rpm -i graylog-sidecar-1.0.0-1.x86_64.rpm
sudo graylog-sidecar -service install
sudo systemctl start graylog-sidecar
我将使用Kibana所使用的相同的filebeat和logstash实例来设置Graylog。 Graylog界面已启动并在端口9000上运行,但是在运行graylog-sidecar时,出现错误“未配置API令牌” 。我尝试了与Collector Sidecar相关的类似问题中给出的不同解决方案。但是,我已经能够在Graylog Sidecar(新版本)中发现问题。
运行sudo systemctl start graylog-sidecar时,出现以下错误:
[root@c1 sidecar]# sudo systemctl status graylog-sidecar
● graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-20 14:21:46 PST; 1min 29s ago
Process: 21640 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
Main PID: 21640 (code=exited, status=1/FAILURE)
Feb 20 14:21:46 c1.local.com systemd[1]: graylog-sidecar.service: main process exited, code=exited, status=1/FAILURE
Feb 20 14:21:46 c1.local.com systemd[1]: Unit graylog-sidecar.service entered failed state.
Feb 20 14:21:46 c1.local.com systemd[1]: graylog-sidecar.service failed.
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service holdoff time over, scheduling restart.
Feb 20 14:23:46 c1.local.com systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 20 14:23:46 c1.local.com systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 20 14:23:46 c1.local.com graylog-sidecar[21651]: time="2019-02-20T14:23:46-08:00" level=fatal msg="No API token was configured."
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service: main process exited, code=exited, status=1/FAILURE
Feb 20 14:23:46 c1.local.com systemd[1]: Unit graylog-sidecar.service entered failed state.
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service failed.
rest_listen_uri =
web_listen_uri =
# The URL to the Graylog server API.
server_url: ""
# The API token to use to authenticate against the Graylog server API.
# This field is mandatory
server_api_token: ""
# The node ID of the sidecar. This can be a path to a file or an ID string.
# If set to a file and the file doesn't exist, the sidecar will generate an
# unique ID and writes it to the configured path.
# Example file path: "file:/etc/graylog/sidecar/node-id"
# Example ID string: "6033137e-d56b-47fc-9762-cd699c11a5a9"
# ATTENTION: Every sidecar instance needs a unique ID!
node_id: "graylog-collector-sidecar"
# The node name of the sidecar. If this is empty, the sidecar will use the
# hostname of the host it is running on.
#node_name: ""
# The update interval in secods. This configures how often the sidecar will
# contact the Graylog server for keep-alive and configuration update requests.
update_interval: 5
# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: true
# This enables/disables the transmission of detailed sidecar information like
# collector statues, metrics and log file lists. It can be disabled to reduce
# load on the Graylog server if needed. (disables some features in the server UI)
send_status: true
# A list of directories to scan for log files. The sidecar will scan each
# directory for log files and submits them to the server on each update.
# Example:
# list_log_files:
# - "/var/log/nginx"
# - "/opt/app/logs"
# Default: empty list
list_log_files: []
# Directory where the sidecar stores internal data.
#cache_path: "/var/cache/graylog-sidecar"
# Directory where the sidecar stores logs for collectors and the sidecar itself.
log_path: "/var/log/graylog-sidecar"
# The maximum size of the log file before it gets rotated.
#log_rotate_max_file_size: "10MiB"
# The maximum number of old log files to retain.
#log_rotate_keep_files: 10
# Directory where the sidecar generates configurations for collectors.
#collector_configuration_directory: "/var/lib/graylog-sidecar/generated"
# A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the whitelist feature.
# Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
# Example:
# collector_binaries_whitelist:
# - "/usr/bin/filebeat"
# - "/opt/collectors/*"
# Example disable whitelisting:
# collector_binaries_whitelist: []
# Default:
# collector_binaries_whitelist:
# - "/usr/bin/filebeat"
# - "/usr/bin/packetbeat"
# - "/usr/bin/metricbeat"
# - "/usr/bin/heartbeat"
# - "/usr/bin/auditbeat"
# - "/usr/bin/journalbeat"
# - "/usr/share/filebeat/bin/filebeat"
# - "/usr/share/packetbeat/bin/packetbeat"
# - "/usr/share/metricbeat/bin/metricbeat"
# - "/usr/share/heartbeat/bin/heartbeat"
# - "/usr/share/auditbeat/bin/auditbeat"
# - "/usr/share/journalbeat/bin/journalbeat"
# - "/usr/bin/nxlog"
# - "/opt/nxlog/bin/nxlog"
[root@c1 filebeat]# curl -i -H 'Accept: application/json' ''
HTTP/1.1 200 OK
X-Graylog-Node-ID: 95c1074c-268c-4996-83ac-8fffeaae901c
X-Runtime-Microseconds: 21775
Content-Type: application/json
Date: Thu, 21 Feb 2019 07:08:08 GMT
Content-Length: 260
"cluster_id" : "55dc5eb8-616b-4d37-af4d-572d9cb61a29",
"node_id" : "95c1074c-268c-4996-83ac-8fffeaae901c",
"version" : "3.0.0-beta.2+a5d9cc0",
"tagline" : "Manage your logs in the dark and have lasers going and make it look like you're from space!"
如何解决“未配置API令牌”错误? 这是让ELK和Graylog一起工作的最佳方法吗?
答案 0 :(得分:0)
启动graylog-sidecar所需的API令牌应从Graylog网站获得。您应该转到系统/身份验证,然后在“用户”部分中选择与Sidecar相关的用户。在“动作”列中,如果您选择“更多动作”,则可以编辑令牌。您只需要写下一个令牌名称,创建并复制它即可。然后,您只需将此令牌粘贴到graylog-sidecar配置中(sidecar.yml-> server_api_token:“ API_TOKEN”)并启动服务。