Graylog Enterprise

Graylog Sidecar

Gathering logs from all your computer systems just got easier with Graylog's Sidecar feature. Graylog Sidecar allows for centralized and stackable configuration, utilizing any log collection agent. With consistent, easy deployment as the central goal, Graylog created Sidecar with built-in security and compatibility.

How it Works

Graylog Sidecar controls the agents in your environment while maintaining a consistent configuration across the hosts via a tag system. Tags are created via the Web Console, containing the configuration for the collection type (e.g., Apache logs, DNS logs).

Agent With Tag “Windows_Server”

Once the system has the tag applied to the endpoint, it automatically starts collecting the logs and bringing them into Graylog. Snippets can also be used, to provide additional configuration of the agent when it may not be possible via system.

Frequently Asked Questions

What type of agents can I control?

You can utilize industry standard collection agents via Sidecar. Common agents are NXLog, Filebeat, and Winlogbeat. All agents use a GELF output and can be pointed to one input. This modular architecture allows for other agents as well.


Yes, this is done by applying a “tag” to the configuration of each computer. Once the tag has been created, you can apply to respective hosts to start collection in a consistent method.

Can I share the agent communication?

You can configure the collector with TLS Support to encrypt all data in transit. For an additional layer of security, you can also configure client authentication with certificates, if you are using your own certificate authority in your organization. With this, only authorized agents can send logs to Graylog.

Can I monitor the health of the agent?

Yes, each agent monitors the CPU utilization and can monitor for volumes over 75% full to give you notice of a disk running out of space.