I’m researching whether it is possible to have Sidecar or Graylog save a copy of the raw message stream to a local disk. The idea is to have various sources using Sidecar and syslog push to a middle log depot machine, which will store the logs for a longer retention than is possible on the application boxes and then from there push to Graylog/ES for indexing and searching. I know that syslog can save a copy of anything it receives from a TCP/UDP input. Can Sidecar be configured in the same way? If not, can Graylog be configured to save the incoming messages in the original format?
You can probably configure the actual log shipper which collects and sends log messages to Graylog, but the Collector Sidecar itself doesn’t read any log messages.
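The log depot described in the question, as an added example that is not part of the original thread and is not Graylog or Sidecar code: a UDP relay that writes each received message byte for byte to a daily spool file before forwarding it unchanged. The spool directory, listening port 5514, the host graylog.example.org with a Syslog UDP input on 1514, and all function names are assumptions.

```python
import os
import socket
import time

def spool_path(spool_dir, now=None):
    """One file per UTC day, so retention is a matter of deleting old files."""
    day = time.strftime("%Y-%m-%d", time.gmtime(now))
    return os.path.join(spool_dir, f"raw-{day}.spool")

def append_raw(spool_dir, raw, now=None):
    """Append one message as '<length> <bytes>' so embedded newlines survive."""
    path = spool_path(spool_dir, now)
    with open(path, "ab") as fh:
        fh.write(str(len(raw)).encode("ascii") + b" " + raw)
        fh.flush()
        os.fsync(fh.fileno())  # on disk before the message is forwarded
    return path

def read_spool(path):
    """Yield the stored messages back unchanged, e.g. to replay them later."""
    with open(path, "rb") as fh:
        data = fh.read()
    pos = 0
    while pos < len(data):
        sep = data.index(b" ", pos)
        size = int(data[pos:sep])
        yield data[sep + 1 : sep + 1 + size]
        pos = sep + 1 + size

def relay_once(listener, sender, upstream, spool_dir):
    """Receive one datagram, store the raw bytes, then forward them as-is."""
    raw, _source = listener.recvfrom(65535)
    append_raw(spool_dir, raw)
    sender.sendto(raw, upstream)
    return raw

def main():
    # Assumed values: depot listens on UDP 5514, Graylog Syslog UDP input on 1514.
    spool_dir, upstream = "/var/spool/logdepot", ("graylog.example.org", 1514)
    os.makedirs(spool_dir, exist_ok=True)
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("0.0.0.0", 5514))
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        relay_once(listener, sender, upstream, spool_dir)

if __name__ == "__main__":
    main()
```

The length prefix is what keeps the stored copy in the original format: a message containing line breaks is read back as one record rather than several.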