We started the Graylog project envisioning an end-to-end, purpose-built log management solution. Over the last few years, we’ve been focused on fulfilling this mission of delivering the world’s best open source log management platform. I’m excited to announce that with the release of Graylog Collector, we’ve taken a big step forward in that journey.
The Graylog Collector is a lightweight and efficient log collector that is tightly integrated into the Graylog stack and allows you to collect log data from any environment. It is now even easier to centralize log data to achieve your IT operations, DevOps, and security management goals.
Many Open Source Tools Are Either Too Difficult to Manage or Too Resource Intensive
Log collection (aka log forwarding) is a fundamental part of the log management technology stack. Unfortunately, the existing tools for log collection have been too unreliable and resource-intensive.
The downside to many existing open source solutions is that most of them are not purpose-built for log forwarding and have far more features than you actually need. These open source solutions are often not well integrated, meaning configuration and management can be more difficult. The end result for Graylog users was that they had to use several log collectors/forwarders across different platforms.
Graylog Collector is Optimized for Log Collection
We saw the pain Graylog users experienced around basic log collection and thought, "What's the point of a centralized log management solution if you can’t ingest data easily?" We recognized the need to develop our own cross-platform log collector that could be managed uniformly across multiple platforms while being tightly integrated into the Graylog stack. The new Graylog Collector does just that. We believe that remote log collection should be as lightweight and as simple as possible, with just enough functionality to collect log files in a reliable and efficient way. The Graylog Collector is optimized for this very purpose, which is to read and forward logs from different operating systems and applications, including Linux, Unix and Windows, as well as any application that writes logs to disk.
By centralizing log processing, Graylog enables organizations to reach enterprise scale efficiently and economically without placing undue burden on already taxed endpoints. This philosophy should apply to log collection as well, and now that’s possible with the Graylog Collector.
So far, we have seen a very positive response to the Graylog Collector in terms of feedback and user adoption. Check out the features below and try it out!
Integrated Graylog Collector Features
Linux, Windows and Unix support for reading local log files
Wildcard log file support: auto-discover and read in log files
Uses Graylog Extended Log Format (GELF) as the message format
Support for multiline log messages
Windows event log support
Windows service support (runs as a Windows service)
Heartbeat and status
Custom field support: tag/enrich incoming log messages from each Collector
Configurable in-memory message buffer
TLS/SSL-based message encryption
Lightweight footprint (10MB in size and <60MB memory usage)
Graylog UI integration: basic status/health/OS information
Simple log source filtering and alerting: can alert on log message thresholds on a per-collector basis