Upgrading sidecar from 1.1 to 1.2

[H2Cyber]

I have a fleet of Windows Sidecar v1.1 and I want to upgrade them to 1.2.
What would be the simplest recommended way to do so ? Do I have to I uninstall v1.1 first ?

[mpfz0r]

@H2Cyber

I think the easiest workaround for now is to manually stop the Sidecar Windows service.
Once it's stopped, you can run the 1.2 Sidecar installer and perform a regular installation.

An alternative would be to use our Chocolatey package, which does that automatically.
https://community.chocolatey.org/packages/graylog-sidecar

[mpfz0r]

Maybe a safe way is to fully uninstall the service first:

"C:\Program Files\Graylog\graylog-sidecar.exe" -service stop 
"C:\Program Files\Graylog\graylog-sidecar.exe" -service uninstall

This might be needed to apply our fix for #421

[H2Cyber]

@mpfz0r thanks.

Would uninstalling and reinstalling create a new sidecar entry in Graylog ? Or would Graylog recognise the fact that the endpoint is the same ?

[mpfz0r]

@H2Cyber
Yeah, it would :-( see #365
But you could copy the node-id file and restore it afterwards. That should do the trick.

[Jenda2022]

Hello,

I would like to ask You folks if someone has same experience and maybe a some solution. I have a WinServer2019, sidecar v1.1.0 with unknown status in GL. I was thinking the upgrade to v1.2.0 can solve problem with connection to GL. After upgrade and replacement of files sidecar.yml and node-id from backup the sidecar upgade was visible on GL server after aprox 2hrs and the problem with unknown status remains. What is different is node-id has been changed after all.

Thank You so much in advance. Regards, Jan.

[mpfz0r]

@Jenda2022 the unknown status has likely a different cause. Have you checked the logs of the sidecar and graylog for any errors?

[Jenda2022]

@Jenda2022 the unknown status has likely a different cause. Have you checked the logs of the sidecar and graylog for any errors?

Hello,

I checked the sidecar in debug mode:

time="2022-10-07T20:04:14+02:00" level=info msg="Starting signal distributor"
time="2022-10-07T20:53:15+02:00" level=error msg="Got action for non-existing collector: 61658f0fb678146f61433586"
time="2022-10-07T20:53:15+02:00" level=error msg="Got action for non-existing collector: 61658f10b678146f61433589"
time="2022-10-07T20:53:15+02:00" level=info msg="Adding process runner for: filebeat"
time="2022-10-07T20:53:15+02:00" level=info msg="Adding process runner for: winlogbeat"
time="2022-10-07T20:53:15+02:00" level=info msg="[filebeat] Configuration change detected, rewriting configuration file."
time="2022-10-07T20:53:16+02:00" level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time="2022-10-07T20:53:16+02:00" level=info msg="[filebeat] Starting (svc driver)"
time="2022-10-07T20:53:16+02:00" level=info msg="[winlogbeat] Starting (svc driver)"
time="2022-10-10T16:16:08+02:00" level=info msg="[winlogbeat] Got remote restart command"
time="2022-10-10T16:16:08+02:00" level=info msg="[winlogbeat] Stopping"
time="2022-10-10T16:16:09+02:00" level=info msg="[winlogbeat] Starting (svc driver)"
time="2022-10-14T11:55:21+02:00" level=info msg="Stopping signal distributor"
time="2022-10-14T11:55:21+02:00" level=info msg="[filebeat] Stopping"
time="2022-10-14T11:55:21+02:00" level=info msg="[winlogbeat] Stopping"
time="2022-10-14T11:57:31+02:00" level=info msg="Starting signal distributor"
time="2022-10-14T12:00:51+02:00" level=info msg="Stopping signal distributor"