Advice on log collections

Not really an incident / more a quick request on when to use a sidecar or a forwarder ?
Forwarder seems perfect for a number of use (including syslogs and affiliated) but you cannot inject a complex nxlog configuration as I do in my company.

Furthermore, does it make sense to send sidecar logs to a forwarder instead or directly to a cluster ?
Will it appear anyway in the cluster ?

Thanks ahead for you advice.

I must mention an error in your documentation :

in the following : * forwarder_server_hostname: (required) The Graylog Forwarder ingest hostname (eg. graylog for on-premise or ingest-<your-account>.graylog.cloud for Cloud).Provided in the Forwarder Setup Wizard in Graylog.

It should be named forwarder_server_destination and described as cluster ip or FQDN. Otherwise it makes no sense to me.

@dscryber - Something of note for the Doc Team. :smiley:

( I don’t have a qualified answer to the actual question… :stuck_out_tongue: )

1 Like

@pirona Thanks for your post. I checked with our documentation team. According to the team, the manual is correct as it’s written. They feel that making any changes would be detrimental to existing configurations, so, in this case, no change will be made. However, as always, they thank you for your post and encourage all community members to keep posting questions and suggestions here to the documentation.