Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Graylog Sidecar systemctl is displaying wrong status. #500

Open
hyderaliva opened this issue Sep 12, 2024 · 2 comments
Open

The Graylog Sidecar systemctl is displaying wrong status. #500

hyderaliva opened this issue Sep 12, 2024 · 2 comments
Labels
needs-input triaged

Comments

@hyderaliva
Copy link

hyderaliva commented Sep 12, 2024
edited
Loading

Problem description

The Graylog Sidecar systemctl status always shows 'running,' even when there is a connectivity issue between the Graylog API server and the Graylog Sidecar agent. As a result, we lose critical event logs in the Graylog web console. We currently use systemctl status to monitor the Graylog Sidecar agent, but this approach seems ineffective.

Please suggest a suitable method to monitor graylog-sidecar agent, ensuring issues are addressed promptly and critical events are not missed in the Graylog console.

The graylog-sidecar config and systemctl files are as follows,

sidecar.yml

server_url: "http://graylog-server-ip:9000/api"
server_api_token: "api-token"
collector_id: "file:/etc/graylog/sidecar/node-id"
node_id: "file:/etc/graylog/sidecar/node-id"
node_name: "$HOSTNAME"
send_status: true
cache_path: "/var/cache/graylog-sidecar"
log_path: "/var/log/graylog-sidecar"
list_log_files: "/var/log/"

graylog-sidecar.service
`[Unit]
Description=Wrapper service for Graylog controlled collector
ConditionFileIsExecutable=/usr/bin/graylog-sidecar

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/graylog-sidecar
Restart=always
RestartSec=120
EnvironmentFile=-/etc/sysconfig/graylog-sidecar

[Install]
WantedBy=multi-user.target`

Environment

  • Sidecar Version: 1.0.0
  • Graylog Version: 4.1.14
  • Operating System: Ubuntu 20.04
  • Elasticsearch Version: 7.10.2
  • MongoDB Version:4.2

Thanks,
Hyder
@sethgraylog
Copy link

Can you validate this on a current version of Graylog (v6.0)?

@drewmiranda-gl
Copy link
Member

Took a quick look at this and can confirm that the graylog-sidecar service does stay in an active (running) state even if it loses connectivity with its Graylog cluster. This appears to be working as designed though as the service itself remains running so that it can continue to retry communication with its Graylog cluster.

I suggest 2 things to monitor graylog cluster health:

  • Use an uptime or monitoring software solution to alert on connectivity issues with the Graylog cluster, specifically the Graylog web interface
  • Use the contents of sidecar's log file, /var/log/graylog-sidecar/sidecar.log (for example a script running as a cron job to check for errors), when sidecar is unable to connect to its graylog cluster it logs the following:
    • `level=error msg="Error fetching server version Get "<graylog_api>": dial tcp : connect: connection refused""

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-input triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hyderaliva @drewmiranda-gl @sethgraylog