problem with collector_binaries_whitelist #363

Closed
lschroth opened this issue Apr 29, 2019 · 10 comments

@lschroth

Problem description

Error when collector_binaries_whitelist path for 32bit windows version of nxlog.

32bit Windows installs all programs in the c:\program files\ directory. I have updated the collector_binaries_whitelist to include c:\program files directory, but when starting sidecar in debug mode, I get the following error.

[nxlog_32bit] Couldn’t execute collector C:\Program Files\nxlog\nxlog.exe, binary path is not included in `collector_binaries_whitelist’ config option.

the c:\program files directory. When starting the sidecar program with an updated collector_binaries_whitelist, an error is returned of

Steps to reproduce the problem

  1. install a collector program in the c:\program files directory
  2. update the configuration & whitelist to reference the new path
  3. start sidecar in debug mode and you get an error of

Environment

  • Sidecar Version: 1.0.1
  • Graylog Version: Graylog 3.0.1+de74b68
  • Operating System: ubuntu
  • Elasticsearch Version: 5.6.14
  • MongoDB Version:

@mpfz0r
Contributor

mpfz0r commented Apr 30, 2019

How did you configure the executable path for your collector?
It looks like you picked C:\\Program Files\\nxlog\\nxlog.exe while it should be C:\Program Files\nxlog\nxlog.exe

Only the sidecar.yml needs the path with two backslashes.

@lschroth
Author

lschroth commented Apr 30, 2019

Yes, I did. Here is what I have for the configuration below.

<
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO

Module xm_fileop
When @daily
Exec file_cycle('%ROOT%\data\nxlog.log', 7);
Module xm_gelf
# Avoid truncation of the short_message field to 64 characters.
ShortMessageLength 65536
Module im_msvistalog
PollInterval 1
SavePos True
ReadFromLast True
    #Channel System
    #<QueryXML>
    #  <QueryList>
    #   <Query Id='1'>
    #    <Select Path='Security'>*[System/Level=4]</Select>
    #    </Query>
    #  </QueryList>
    #</QueryXML>
Module om_tcp
Host 17x.xxx.xxx.xxx
Port 12201
OutputType GELF_TCP
# These fields are needed for Graylog
$gl2_source_collector = '${sidecar.nodeId}';
$collector_node_id = '${sidecar.nodeName}';
Path eventlog => gelf

@lschroth lschroth reopened this Apr 30, 2019
@lschroth
Author

nxlog.conf.txt

Attached is my nxlog.conf

@mpfz0r
Contributor

mpfz0r commented May 2, 2019

Just to be clear, I was talking about the Executable Path setting for your collector:

image

How did you configure that?

@lschroth
Author

lschroth commented May 2, 2019

yes, I created a unique collector profile (nxlog_32bit) and set the executable to "C:\Program Files\nxlog\nxlog.exe"

Capture

@mpfz0r
Contributor

mpfz0r commented May 2, 2019

Ok, thanks. However, the nxlog.conf should be irrelevant for this error.
The sidecar won't even try to start nxlog if it's not within the whitelist.

I think I've found the error in your sidecar.yml:

Collector_binaries_whitelist: [ 'C:\\Program Files\\nxlog\\nxlog.exe' ]

It should be collector_binaries_whitelist not Collector_binaries_whitelist (no capital C at the beginning)

@lschroth
Author

lschroth commented May 2, 2019

Sorry, that was just left over from testing different setups in the file. The error is the same with the field updated.

@mpfz0r
Contributor

mpfz0r commented May 3, 2019

Two more things that might cause trouble.
1.) You quoted the path with single quotes. But then kept the double backslash.
This is only needed when using double quotes.
2.) Apparently the golang path matching in Windows is case sensitive. Make sure to get
your capitalization correct.

collector_binaries_whitelist: [ "C:\\Program Files\\nxlog\\nxlog.exe" ]

@lschroth
Author

lschroth commented May 3, 2019

That worked. I ended up with collector_binaries_whitelist: [ "C:\Program Files\nxlog\nxlog.exe" ] to make it work.

I would suggest adding that path to the default for 32 bit machines...

@lschroth lschroth closed this as completed May 3, 2019
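
An added example, not part of the thread or of the sidecar's code: a small Go checker for the two pitfalls named in mpfz0r's May 3 comment, YAML quote style versus backslash doubling and case-sensitive matching. `decodeQuoted` and `diagnose` are hypothetical helpers; the decoder handles only the escapes relevant to Windows paths, and exact string equality is an assumed stand-in for the sidecar's whitelist comparison.

```go
package main

import (
	"fmt"
	"strings"
)

// decodeQuoted returns the string a YAML parser yields for a quoted scalar. Simplified
// (assumption): single quotes keep backslashes, double quotes accept only \\ and \".
func decodeQuoted(raw string) (string, error) {
	if len(raw) < 2 || raw[0] != raw[len(raw)-1] || (raw[0] != '\'' && raw[0] != '"') {
		return "", fmt.Errorf("not a quoted scalar: %s", raw)
	}
	body := raw[1 : len(raw)-1]
	if raw[0] == '\'' {
		return strings.ReplaceAll(body, "''", "'"), nil
	}
	var b strings.Builder
	for i := 0; i < len(body); i++ {
		if body[i] == '\\' {
			i++ // skip the escape character, keep the escaped one
			if i == len(body) || (body[i] != '\\' && body[i] != '"') {
				return "", fmt.Errorf("unsupported escape in %s", raw)
			}
		}
		b.WriteByte(body[i])
	}
	return b.String(), nil
}

// diagnose compares case-sensitively (assumed stand-in for the sidecar's check).
func diagnose(rawEntry, execPath string) string {
	entry, err := decodeQuoted(rawEntry)
	switch {
	case err != nil:
		return "invalid: " + err.Error()
	case entry == execPath:
		return "match"
	case strings.EqualFold(entry, execPath):
		return "case mismatch: " + entry
	}
	return "no match: " + entry
}

func main() { // constructed sidecar.yml entries, checked against the path from the thread
	for _, raw := range []string{`'C:\\Program Files\\nxlog\\nxlog.exe'`, `"C:\\Program Files\\nxlog\\nxlog.exe"`} {
		fmt.Println(raw, "->", diagnose(raw, `C:\Program Files\nxlog\nxlog.exe`))
	}
}
```

A "no match" result prints the decoded entry, so a doubled backslash that survived single quotes is visible directly.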