I was able to get past the errors. I used the filebeat yaml file from
another server running linux. I used a new UUID and changed the tag from
linux to freebsd. The agent now starts without any errors. the filebeat
yaml file generated by graylog seems a bit different than the default. As
example:
from Graylog:
output:
logstash:
hosts:
- xxxxx:5044
vs default:
output.logstash:
hosts: ["xxxxx:5044"]
I'm sure in YML they are the same thing.
On Wednesday, 15 February 2017 12:13:26 UTC+2, Danie de Jager wrote:
>
> Hi,
>
> I have some FreeBSD servers which logs I want to send to Graylog2.1 and
> now 2.2. I'm not finding an elegant solution as SyslogD does not seem to be
> able to ship my application's log files to Graylog. The OS logs receive
> fine as I set a "syslog UDP" input.
>
> What I want would prefer to do is to use the filebeat application that
> does have a Freebsd build to ship my logs to Graylog's Beats Input. I don't
> see that the Graylog sidecar works on FreeBSD.
>
> I installed filebeat 5.1.1 and edit the provided filebeat.yml to use
> logstash instead of elasticsearch. When I started the filebeat service I
> got a nasty error scrolling over my screen:
>
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> ^C
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding
> states: EOF
>
> This does not happen when I use the Sidecar collector on Linux to send to
> Graylog or use the filebeat agent to connect to a ELK system. Is there
> something
> in Graylog that is causing this to happen when using filebeat direct? I'm
> not sure what would be the best way to get various log files on a FreeBSD
> server into Graylog.
>
> Regards,
> Danie
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/30d63fef-96f5-48d0-949a-a8ac1a9712a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
