– UPDATED solution at bottom of question –
I’ve looked around a bit and haven’t come across anything.
We deploy the sidecar to windows devices by default but our current process is to go to the sidecar management page in Graylog and go page by page searching for devices without a configuration and then add the winlogbeat configuration. This was fine when there were only a few pages but now with over 60 pages at the largest ‘results per page’ setting it takes far too long to add whatever new systems were deployed that week.
Is there any way to configure Graylog so that if a new sidecar registers that it will then pull a default configuration? If not, is there any chance filtering can be improved? Right now I can filter all sidecars with a specific configuration but there is no way to say ‘show me sidecars with no configurations’?
Interested to hear if others have come across this or have ideas on a solution?
UPDATE –
I found that you can set a default configuration for sidecars by doing the following:
- Navigate to System → Sidecars
- Select ‘Configuration’
- Go down to the bottom section “Log Collectors”
- Click ‘Edit’ on the collector you want to set a default configuration for
- Scroll to the ‘Default Template’ section and you can load your preferred default configuration.