Forwarder

When you have a distributed environment with many remote locations and one centralized IT staff, you want the logs in one central spot—without killing your network. Graylog helps with this issue with the Graylog Forwarder.

The Graylog Forwarder is a lightweight and fast standalone solution for sending data to Graylog Cloud or an on-premise Graylog Server cluster. You can configure your Forwarder to send data from one Graylog instance to Graylog Cloud or to an on-premise Graylog Server instance. In other words, one tool supports any deployment model to centralize log messages from a distributed architecture into one cluster. This supports local teams and enables organization-wide data analysis no matter where employees are located.


HOW IT WORKS

The Graylog Forwarder is a standalone installation and you can use the same Forwarder agent  for Graylog Cloud and on-premise Graylog installations, but the required setup is different for each environment. For details on the setting up the Forwarder, please see the documentation.

You can easily set up your Graylog Forwarder using our Wizard Interface.

 

 

You can use our Wizard Menu for configuring your Forwarder, or you can create a customized configuration.

The Graylog forwarder is capable of sending logs at very high throughput rates. These can be affected by things like CPU Clock Speed, CPU Cores, available memory, and network bandwidth. There are also many configuration options to help with any network.

If you are using Graylog Cloud and Cloud Forwarder’s disk journal, it caches data and sends the messages to Graylog Cloud in case of a network outage.

Additionally, if you want to analyze and extract details, you can:

  • review active Forwarder(s) in the UI
  • call REST endpoints to consume information on health and a list of inputs
  • export Forwarder metrics from Prometheus, a third-party monitoring tool

For example, an international financial company headquartered in San Francisco with a centralized IT staff working from there wants all of the logs in one central spot. The company is running 3 Graylog instances in 3 different regions. With Graylog Forwarder, they can centralize their log messages into one cluster for monitoring, alerting, and reporting while still identifying the origin cluster. In addition, centralizing the log data means they can perform searches across the different clusters which helps you find real-time answers to problems like outages, performance issues, or security alerts.

 

FREQUENTLY ASKED QUESTIONS

  • CAN LOGS BE COMPRESSED?
    Yes, the standalone Graylog Forwarder is a lightweight and fast solution to send your events to your Graylog Server Cluster or Graylog Cloud. The new forwarder simplifies the process of sending data by encompassing the different ways you can send data.
  • CAN YOU USE LOAD BALANCING?
    The Forwarder uses HTTP/2 (gRPC) for transport. If using more than one Concurrent Network Sender, then load balancing is supported. For more information see Load Balancing gRPC.
  • CAN YOU USE ENCRYPTION?
    Graylog Forwarder, can be encrypted with SSL/TLS encryption. This can be done with X.509 Certificates on each side of the transport.
  • Are there different set up for each environment? If you are setting up a Forwarder for Graylog on-premise, you will need to create a Forwarder input on the System > Inputs page. Skip this step if you are using Graylog Cloud.

WE'VE GOT YOU COVERED

Windows

Linux

Unix

JSON, CSV, TXT

Commercial Apps

Custom Apps

Change Mgmt

Switches

Firewalls

DNS

Routers

DBMS

Storage Mgmt