We've got you covered
When you have a distributed environment with many remote locations and one centralized IT staff, you want the logs in one central spot—without killing your network. Graylog helps with this issue with the Graylog Forwarder.
The Graylog Forwarder is a lightweight and fast standalone solution for sending data to Graylog Cloud or an on-premise Graylog Server cluster. You can configure your Forwarder to send data from one Graylog instance to Graylog Cloud or to an on-premise Graylog Server instance. In other words, one tool supports any deployment model to centralize log messages from a distributed architecture into one cluster. This supports local teams and enables organization-wide data analysis no matter where employees are located.
The Graylog Forwarder is a standalone installation and you can use the same Forwarder agent for Graylog Cloud and on-premise Graylog installations, but the required setup is different for each environment. For details on the setting up the Forwarder, please see the documentation.
You can easily set up your Graylog Forwarder using our Wizard Interface.
You can use our Wizard Menu for configuring your Forwarder, or you can create a customized configuration.
The Graylog forwarder is capable of sending logs at very high throughput rates. These can be affected by things like CPU Clock Speed, CPU Cores, available memory and network bandwidth. There are also many configuration options to help with any network.
If you are using Graylog Cloud and Cloud Forwarder’s disk journal, it caches data and sends the messages to Graylog Cloud in case of a network outage.
Additionally, if you want to analyze and extract details, you can:
For example, an international financial company headquartered in San Francisco with a centralized IT staff working from there wants all of the logs in one central spot. The company is running 3 Graylog instances in 3 different regions. With Graylog Forwarder, they can centralize their logs messages into one cluster for monitoring, alerting, and reporting while still identifying the origin cluster. In addition,centralizing the log data means they can perform searches across the different clusters which helps you find real-time answers to problems like outages, performance issues, or security alerts.