Introduction to Graylog Sidecar
Manage Multiple Logging Agents
How It Works
Graylog Sidecar controls the agents in your environment while maintaining a consistent configuration across the hosts via a tag system. Tags are created via the Web Console, containing the configuration for the collection type (e.g., Apache logs, DNS logs).
Agent With Tag “Windows_Server”
Once the system has the tag applied to the endpoint, it automatically starts collecting the logs and bringing them into Graylog. Snippets can also be used, to provide additional configuration of the agent when it may not be possible via system.
Frequently Asked Questions
What type of agents can I control?
You can utilize industry standard collection agents via Sidecar. Common agents are NXLog, Filebeat, and Winlogbeat. All agents use a GELF output and can be pointed to one input. This modular architecture allows for other agents as well.
Can I create templates and apply them to a group of computers?
Yes, this is done by applying a “tag” to the configuration of each computer. Once the tag has been created, you can apply to respective hosts to start collection in a consistent method.
Can I secure the agent communication?
You can configure the collector with TLS Support to encrypt all data in transit. For an additional layer of security, you can also configure client authentication with certificates, if you are using your own certificate authority in your organization. With this, only authorized agents can send logs to Graylog.
Can I monitor the health of the agent?
Yes, each agent monitors the CPU utilization and can monitor for volumes over 75% full to give you notice of a disk running out of space.