Sometimes there are requirements that disallow free remote log collection configuration (i.e. restriction to what files can be collected must be configured on host). Limiting what paths are allowed to be collected on host would solve this.
There are some ways alternative to do this:
- Using file permissions which can be cumbersome to setup
- Not use collector-sidecar and configure just filebeat which disallows any configuration from Graylog server
Enabling the collector-sidecar to limit the glob expressions would be straightforward approach to limit what can be collected.
We have implemented this allowed_paths configuration option in our fork and are offering that to collector-sidecar. See comparison here: https://github.com/Graylog2/collector-sidecar/compare/master...digiapulssi:allowed-paths-implementation