Beats, sidecar, and homegrown: A n00b's simple guide

I think I get it now! Thus far, my attention and energy have been focused on shaping and tailoring my system logging to look right in syslog and pushing to :514 to my Graylog test instance, but as I look to collect more inputs, I wonder if I’ve been going about it wrong: Is Graylog Sidecar a mechanism that should replace all my manual log-picking and massaging efforts?

Like instead of manually mucking with rsyslog.conf, I would want to set up Graylog Sidecar and let it expose to Graylog all the log message sources so I could pick and choose and massage the messages there?

Is there a big advantage (any disadvantage?) to this?

Thanks
-Bronius

Hej @texas-bronius

Please look at the first paragraph:

http://docs.graylog.org/en/2.3/pages/collector_sidecar.html

Hi - Thanks for your reply to provide clarification/validation to my uncertainty. It appears that in a single monitored server environment, there may be no immediate advantage to implementing Graylog Collector Sidecar, because its job is to manage configuration of log files to collect and how to translate them into something Graylog understands. If I have already configured my handful of interesting log files and have already configured the parsing of them in Graylog directly, then adding Graylog Collector Sidecar is superfluous. It might help in the long run, and it would certainly be helpful when dealing with multiple monitored servers.

Best
-Bronius

Hej @texas-bronius

You are absolutely right.

This will help if you have multiple servers and you want to be able to configure the file collection from within Graylog.
