2

I would like to achieve an architecture like the one shown on the left side of this picture (because I want to use NXLog): http://docs.graylog.org/en/2.1/_images/sidecar_overview.png. I have already installed Graylog2 on my RedHat server and I'm currently working on the configuration of collector-sidecar. As I'm working as non-root, I had to change several directories in the configuration files of collector-sidecar and NXLog. Now to the problem: every time I try to start collector-sidecar, I get INFO/ERROR messages:

    [gunge@bsul0959 bin]$ ./graylog-collector-sidecar -c /opt/ansible/sidecar/etc/graylog/collector-sidecar/collector_sidecar.yml
    INFO[0000] Using collector-id: 13a3d80f-cb69-4391-8520-7a760b9b964e
    INFO[0000] Fetching configurations tagged by: [linux apache syslog]
    ERRO[0000] stat /var/run/graylog/collector-sidecar: no such file or directory
    INFO[0000] Trying to create directory for: /var/run/graylog/collector-sidecar/nxlog.run
    ERRO[0000] Not able to create directory path: /var/run/graylog/collector-sidecar
    INFO[0000] Starting collector supervisor
    ERRO[0010] [UpdateRegistration] Sending collector status failed. Disabling `send_status` as fallback! PUT http://127.0.0.1:12900/plugins/org.graylog.plugins.collector/collectors/13a3d80f-cb69-4391-8520-7a760b9b964e: 400 Unable to map property tags.
    Known properties include: operating_system

After this start procedure, a collector appears in my Graylog web interface, but if I abort the start procedure, the collector disappears again. During the start procedure, it tries to create a path in /var/run/graylog/collector-sidecar, but as I am not root, it can't. As a consequence, it can't create nxlog.run in that directory. I already tried to change the path to a place where I don't need root permissions, but I think there is no configuration file where I can do this. So I looked into the binary of collector-sidecar and found this:

    func (nxc *NxConfig) ValidatePreconditions() bool {
        if runtime.GOOS == "linux" {
            if !common.IsDir("/var/run/graylog/collector-sidecar") {
                err := common.CreatePathToFile("/var/run/graylog/collector-sidecar/nxlog.run")
                if err != nil {
                    return false
                }
            }
        }
        return true
    }

It seems that the path is coded into the application and there is no way to configure another path. Do you see a solution besides getting root permissions?

Emre Sahin
  • I'd recommend posting your question to the official Graylog community support channels: https://www.graylog.org/community-support – joschi Sep 19 '16 at 09:51

2 Answers

2

By default, the sidecar uses the root account. Creating a new user "collector", giving it the files it needs and switching to that user will solve the issue.

Create the user and grant the ownership/permissions:

    # useradd -r collector
    # chown -R collector /etc/graylog
    # chown -R collector /var/cache/graylog
    # chown -R collector /var/log/graylog
    # setfacl -m u:collector:r /var/log/*

Tell systemd about the new user:

    # vim /etc/systemd/system/collector-sidecar.service

    [Service]
    User=collector
    Group=collector

    # systemctl daemon-reload
    # systemctl restart collector-sidecar

From now on, the backends (NXLog or Beats) will use the user collector. Hope that it works for you!

Kaan
  • Another approach is to create the user without the -r option and install the sidecar inside the home directory ;) – Kaan Sep 27 '18 at 10:29
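
A pre-flight check for the setup in the answer above, as an added example that is not part of the original posts or of Graylog's code: run as the service account, it reports for each directory named on this page whether that user can write to it or could create it, which is the condition the fixed `/var/run/graylog/collector-sidecar` check in the question fails on. The function names and the `--check` argument are made up for this example.

```shell
#!/bin/sh
# Added example (not Graylog code). Run as the service account, e.g.
#   sudo -u collector sh preflight.sh --check
# The paths below are the ones named on this page.
SIDECAR_PATHS="/var/run/graylog/collector-sidecar /etc/graylog /var/cache/graylog /var/log/graylog"

# Print the deepest ancestor of $1 that already exists (or $1 itself).
nearest_existing() {
    cur=$1
    while [ ! -e "$cur" ] && [ "$cur" != "/" ] && [ "$cur" != "." ]; do
        cur=$(dirname "$cur")
    done
    printf '%s\n' "$cur"
}

# Classify one path for the current user:
#   ok        - directory exists and is writable
#   creatable - missing, but its nearest existing ancestor is a writable directory
#   blocked   - not writable, not a directory, or cannot be created
path_status() {
    if [ -d "$1" ]; then
        if [ -w "$1" ] && [ -x "$1" ]; then echo ok; else echo blocked; fi
        return 0
    fi
    anc=$(nearest_existing "$1")
    if [ "$anc" != "$1" ] && [ -d "$anc" ] && [ -w "$anc" ] && [ -x "$anc" ]; then
        echo creatable
    else
        echo blocked
    fi
}

# Print one status line per path; the return code is the number of blocked paths.
sidecar_preflight() {
    blocked=0
    for path in "$@"; do
        status=$(path_status "$path")
        printf '%-10s %s\n' "$status" "$path"
        if [ "$status" = blocked ]; then blocked=$((blocked + 1)); fi
    done
    return "$blocked"
}

# Word splitting of SIDECAR_PATHS is intentional here.
if [ "${1:-}" = "--check" ]; then sidecar_preflight $SIDECAR_PATHS; fi
```

A `blocked` line for `/var/run/graylog/collector-sidecar` corresponds to the "Not able to create directory path" error in the question's log.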
0

Currently this is a fixed path, as you saw in the code. To run it as a normal user you also have to make some more changes in the default NXLog configuration file. At the moment I would recommend that you write your own NXLog file and use it without the Sidecar in between. But you can create a GH issue so that we can add the needed option.

Cheers, Marius