Graylog Sidecar controls the agents in your environment while maintaining a consistent configuration across the hosts via a tag system. Tags are created via the Web Console, containing the configuration for the collection type (e.g., Apache logs, DNS logs).
Agent With Tag “Windows_Server”
Once the system has the tag applied to the endpoint, it automatically starts collecting the logs and bringing them into Graylog. Snippets can also be used, to provide additional configuration of the agent when it may not be possible via system.
You can utilize industry standard collection agents via Sidecar. Common agents are NXLog, Filebeat, and Winlogbeat. All agents use a GELF output and can be pointed to one input. This modular architecture allows for other agents as well.
Yes, this is done by applying a “tag” to the configuration of each computer. Once the tag has been created, you can apply to respective hosts to start collection in a consistent method.
You can configure the collector with TLS Support to encrypt all data in transit. For an additional layer of security, you can also configure client authentication with certificates, if you are using your own certificate authority in your organization. With this, only authorized agents can send logs to Graylog.
Yes, each agent monitors the CPU utilization and can monitor for volumes over 75% full to give you notice of a disk running out of space.