Hello,
I’ve come across a use-case where I need to monitor Windows Servers. I am reasonably comfortable with the LGTM stack on Linux.
I have successfully used windows_exporter to export metrics.
I now need to move on to:
- logs
- a cAdvisor equivalent
For logs, I’ve tried the promtail binary and specifying the default config when launching via CLI, but the process just seems to terminate silently.
For Grafana agent, I’m using the following config:
```yaml
server:
  log_level: debug
logs:
  # Choose a directory to save the last read position of log files at.
  # This directory will be created if it doesn't already exist.
  positions_directory: "C:grafanaAgent"
  configs:
    - name: windows
      # Loki endpoint to push logs to
      clients:
        - url: http://<workingURL>:3100/loki/api/v1/push
      scrape_configs:
        - job_name: windows
          windows_events:
            # Note the directory structure must already exist but the file will be created on demand
            bookmark_path: "C:\grafanaAgent\bookmark.xml"
            use_incoming_timestamp: false
            eventlog_name: "Application"
            # Filter for logs
            xpath_query: '*'
            labels:
              job: windowsserver
```
but this errors out with ‘Error 1067: The process terminated unexpectedly’. I’ve searched for logs on this in EventViewer, but cannot see anything more.
This config comes from the default installation instructions here.
I believe the issue to be permissions related - I don’t think the Agent has permissions to write anywhere to disk. I’ve tried to get around this by running it as my Admin user (Services → Right Click Agent → Properties → Log On) and also by specifying write destinations that should be open to all (C:\Temp) but that didn’t help.
I’ve checked that the issue is not at the server end - a Linux machine running Promtail is able to push logs to the server just fine.
Would appreciate any help - I am not skilled with Windows Server and am probably missing something obvious.
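
Added example, not part of the original post or of Grafana's documentation: a Python check for the two path forms that appear in the config above. Inside YAML double quotes a backslash starts an escape sequence, and a drive letter with no separator after it is a drive-relative path. The function name and the sample text (constructed from the post's two path values plus a correctly escaped and a single-quoted variant) are assumptions of this example; whether either form is what stops the service is not established by the post.

```python
import re

# Characters YAML accepts after a backslash inside a double-quoted scalar.
VALID_ESCAPES = set('0abt\tnvfre "/\\N_LPxuU')
DQ_SCALAR = re.compile(r'"((?:[^"\\]|\\.)*)"')    # one double-quoted scalar
DRIVE_RELATIVE = re.compile(r'^[A-Za-z]:[^\\/]')  # "C:dir" has no separator

# Constructed sample: the post's two path values, then two safe spellings.
SAMPLE = "\n".join([
    r'positions_directory: "C:grafanaAgent"',
    r'bookmark_path: "C:\grafanaAgent\bookmark.xml"',
    r'bookmark_path: "C:\\grafanaAgent\\bookmark.xml"',
    r"bookmark_path: 'C:\grafanaAgent\bookmark.xml'",
])

def check_windows_paths(config_text):
    """Return (line_no, problem) tuples for double-quoted scalars whose
    backslashes or drive prefix will not be read as a normal Windows path."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comments are not parsed as values
        for scalar in DQ_SCALAR.findall(line):
            if DRIVE_RELATIVE.match(scalar):
                findings.append((line_no, "drive-relative path: resolved "
                                 "against the process's current directory"))
            i = 0
            while i < len(scalar):
                if scalar[i] != "\\":
                    i += 1
                    continue
                nxt = scalar[i + 1:i + 2]
                if nxt in VALID_ESCAPES and nxt != "\\":
                    findings.append((line_no, f"\\{nxt} is decoded as an "
                                     "escape, not kept as a path separator"))
                elif nxt != "\\":
                    findings.append((line_no, f"\\{nxt} is not a valid "
                                     "escape; a YAML parser rejects it"))
                i += 2  # skip the backslash and the character it escapes
    return findings

if __name__ == "__main__":
    for line_no, problem in check_windows_paths(SAMPLE):
        print(f"line {line_no}: {problem}")
```

Doubled backslashes inside double quotes, or single quotes around the path, pass the check because both leave the backslash as a literal character.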