Graylog Sidecar / Filebeat Setup


Requirements

on the Graylog server web UI

first, prepare the Graylog server to receive Beats traffic by creating a Beats input

System / Input

Beats > Launch new input

check   "Global"
title   beats
bind    0.0.0.0
port    5044

Setup

on the Graylog server web UI

next, create a Sidecar configuration that collects the log files. adjust the log paths and the target listener (the hosts entry under output.logstash) to your environment

System / Sidecars --> Configuration

Create Configuration

name        ...filebeat-linux-custom
color      ...
collector       filebeat on Linux

fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- input_type: log
  paths:
  - /var/log/messages
  - /var/log/syslog
  - /var/log/*/*log
  type: log

output.logstash:
   hosts: ["graylog-server:5044"]

path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log
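
The Beats input above binds to 0.0.0.0:5044 and the collector configuration sends to it without TLS, so everything matched by the path globs crosses the network in clear text and any host that can reach the port can submit messages. The same collector configuration with TLS and a client certificate, as an added example that is not part of the original guide; the certificate paths are placeholders, and it assumes TLS is enabled on the Beats input with client authentication set to required:

```yaml
# Needed for Graylog (unchanged from the configuration above)
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- input_type: log
  paths:
  - /var/log/messages
  - /var/log/syslog
  - /var/log/*/*log
  type: log

output.logstash:
  hosts: ["graylog-server:5044"]
  # Everything below is the addition. File paths are placeholders (assumption).
  ssl.enabled: true
  # CA that signed the certificate configured on the Graylog Beats input.
  ssl.certificate_authorities: ["/etc/graylog/sidecar/tls/ca.pem"]
  # "full" checks the certificate chain and that the certificate matches the
  # name in hosts, so the server certificate must carry "graylog-server".
  ssl.verification_mode: full
  # Client certificate and key presented to the input. The input only
  # enforces this when its TLS client authentication is set to required.
  ssl.certificate: "/etc/graylog/sidecar/tls/client.pem"
  ssl.key: "/etc/graylog/sidecar/tls/client.key"

path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log
```

On the server side the matching settings live in the Beats input form (Enable TLS, TLS cert file, TLS private key file, TLS client authentication, TLS Client Auth Trusted Certs).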

Ready to go

on the Graylog server web UI

enable Filebeat for the hosts you want managed that way

System > Sidecars / Administration

enable Filebeat on the newly appeared node

Licensed under MIT