I’m hoping someone can provide some advice/point me in the right direction with regards to what I would like to accomplish with using Graylog in our small office.
I have two servers running on USB drives for their OS. I'm planning to keep all logs in RAM on these servers using log2ram and send all /var/log/ files to my Graylog server.
I've successfully set up Graylog and I've sent my syslog from my server to Graylog using rsyslog.
What I’m looking to find now is how to move any log from /var/log into Graylog. I’ve been researching/googling and I can see many different types of agents to help move logs. But is there a way to move any log in /var/log from a server into Graylog or do I need to define each log in /var/log in an agent before it can be moved into Graylog?
There are a couple of ways of doing this. One is using Graylog Sidecar. If you wish not to use Graylog Sidecar, you can install NXLog CE standalone. You can also use the Filebeat standalone install.
My personal choice is using Graylog Sidecar. It may need a couple of extra steps, but in the long run it has its pros.
I did start off just using the NXLog standalone install to ship my logs to Graylog, and it's fairly easy to install and configure. With Graylog Sidecar you can still use NXLog, Beats, etc.; it's a wrapper around these log shippers.
For example: using an NXLog configuration to get all logs from /var/log.
This documentation, if you haven't seen it yet, is a good starter for understanding architectural considerations, along with some other good information on how-tos.
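As an added illustration of the "get all logs from /var/log" approach mentioned above (this is example configuration written for this page, not the poster's own config or an official Graylog/NXLog file), here is a minimal NXLog CE configuration that tails every `*.log` file under /var/log and forwards it to a Graylog GELF input. The hostname `graylog.example.internal`, the port 12201, and the use of NXLog CE 2.x directive names (`xm_gelf`, `im_file`, `om_udp`, `OutputType GELF_UDP`) are assumptions; check them against the NXLog version you actually install.

```nxlog
# Example NXLog CE configuration (added here for illustration; not from the original post).
# Assumes NXLog CE 2.x directive names and a Graylog GELF UDP input on graylog.example.internal:12201.
# Adjust User/Group so the nxlog process can read /var/log (on Debian/Ubuntu the "adm" group usually can).
User  nxlog
Group adm

<Extension _gelf>
    Module      xm_gelf
</Extension>

<Input var_log>
    Module      im_file
    # Glob rather than "/var/log/*": /var/log also holds binary files (wtmp, btmp, lastlog,
    # journal/) that would produce garbage events if tailed as text.
    File        "/var/log/*.log"
    Recursive   TRUE
    # Start at the end of existing files and remember positions across restarts
    # (with log2ram the files themselves are lost on reboot, so missing history is expected).
    ReadFromLast TRUE
    SavePos     TRUE
    # Add fields so Graylog can tell which host and which file an event came from.
    Exec        $Hostname = hostname_fqdn();
    Exec        $SourceFile = file_name();
</Input>

<Output graylog>
    Module      om_udp
    Host        graylog.example.internal    # assumption: replace with your Graylog host
    Port        12201                       # assumption: default GELF UDP input port
    OutputType  GELF_UDP
</Output>

<Route var_log_to_graylog>
    Path        var_log => graylog
</Route>
```

Two caveats worth keeping in mind: GELF over UDP is unauthenticated, unencrypted and lossy, so on anything beyond a lab network prefer a GELF TCP/TLS input in Graylog with the matching `om_tcp`/`om_ssl` output in NXLog; and files that do not end in `.log` (for example `syslog`, `auth.log.1`, or application logs with other names) are not matched by this pattern, so add them to `File` explicitly or extend the glob deliberately rather than tailing all of /var/log.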