I think I get it now! Thus far, my attention and energy have been focused on shaping and tailoring my system logging to look right in syslog and pushing to :514 to my Graylog test instance, but as I look to collect more inputs, I wonder if I’ve been going about it wrong: Is Graylog Sidecar a mechanism that should replace all my manual log-picking and massaging efforts?
Like instead of manually mucking with rsyslog.conf, I would want to set up Graylog Sidecar and let it expose to Graylog all the log message sources so I could pick and choose and massage the messages there?
Is there a big advantage (any disadvantage?) to this?
Hi - Thanks for your reply to provide clarification/validation to my uncertainty. It appears that in a single monitored server environment, there may be no immediate advantage to implementing Graylog Collector Sidecar, because its job is to manage configuration of log files to collect and how to translate into something Graylog understands. If I have already configured my handful of interesting log files and have already configured the parsing of them in Graylog directly, then adding Graylog Collector Sidecar is superfluous. It might help in the long run, and it would certainly be helpful when dealing with multiple monitored servers.