tested on ubuntu/hirsute
make sure the graylog server is reachable
    nmap -p 80,443,9000 GRAYLOG-SERVER
    curl -i "http://GRAYLOG-SERVER:9000/api/?pretty=true"
and you need a TOKEN from the web interface
grab the latest repository
    ver=1-2
    wget https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_${ver}_all.deb
    dpkg -i graylog-sidecar-repository_${ver}_all.deb
    apt update && apt install graylog-sidecar
    graylog-sidecar -service install
    mv -i /etc/graylog/sidecar/sidecar.yml /etc/graylog/sidecar/sidecar.yml.dist
    grep -vE '^#|^$' /etc/graylog/sidecar/sidecar.yml.dist > /etc/graylog/sidecar/sidecar.yml
    vi /etc/graylog/sidecar/sidecar.yml

    server_url: "http://buster:9000/api/"
    server_api_token: "TOKEN-HERE"
    tail -F /var/log/graylog-sidecar/sidecar.log
    systemctl restart graylog-sidecar.service
    systemctl enable graylog-sidecar.service
    date
    ls -alF /var/lib/graylog-sidecar/generated/
    ls -lF /etc/graylog/sidecar/node-id
setup filebeat and enable from the graylog server web interface
System > Sidecars / Administration
enable Filebeat on the newly appeared node
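
A post-edit check for the sidecar.yml configured above, as an added example that is not part of the original notes or of Graylog's tooling. The function names and finding labels are made up here, the sample file is constructed from the values on this page, and tls_skip_verify is a sidecar.yml option these notes do not set.

```shell
#!/bin/sh
# Added example: audit a Graylog sidecar.yml before restarting the service.

# Print the value of a top-level "key: value" line, quotes and spaces removed.
yaml_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"' "
}

# Print one finding per line; return 0 if clean, 1 if anything was found.
check_sidecar_config() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "UNREADABLE: $cfg"; return 1; }

    # The sidecar presents its API token to server_url; http:// exposes it.
    case $(yaml_value "$cfg" server_url) in
        https://*) ;;
        http://*)  echo "CLEARTEXT: server_url uses http://, token is sent unencrypted"
                   findings=$((findings + 1)) ;;
        *)         echo "MISSING: server_url"; findings=$((findings + 1)) ;;
    esac

    case $(yaml_value "$cfg" server_api_token) in
        ""|TOKEN-HERE) echo "PLACEHOLDER: server_api_token not set"
                       findings=$((findings + 1)) ;;
    esac

    # tls_skip_verify: true makes the sidecar accept any server certificate.
    if [ "$(yaml_value "$cfg" tls_skip_verify)" = "true" ]; then
        echo "NOVERIFY: tls_skip_verify is true"; findings=$((findings + 1))
    fi

    # The file holds a credential: "other" should have no access to it.
    if [ "$(ls -ld "$cfg" | cut -c8-10)" != "---" ]; then
        echo "PERMS: $cfg is accessible to other users"; findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the two settings shown on this page.
sample=$(mktemp)
printf 'server_url: "http://buster:9000/api/"\nserver_api_token: "TOKEN-HERE"\n' > "$sample"
chmod 644 "$sample"
check_sidecar_config "$sample" || echo "=> resolve the findings above"
rm -f "$sample"
```

On a real host, call check_sidecar_config /etc/graylog/sidecar/sidecar.yml after editing the file.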
INGEST FROM FILES https://docs.graylog.org/docs/files
GRAYLOG SIDECAR https://docs.graylog.org/docs/sidecar
https://github.com/Graylog2/collector-sidecar/releases
Filebeat quick start: installation and configuration https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html
NXLog Community Edition https://nxlog.co/products/nxlog-community-edition/download