How to use graylog to view logs from multiple machines [Mainly Windows]

Hey guys -

Very new to Graylog here. Recently got it set up to receive Syslog input from my main firewall, and installed the sidecar to start receiving logs as well.

The part i’m having trouble understanding is: how should it be set up if you have multiple windows servers, and would like to send the logs to the Graylog server? Will I need multiple sidecars for each server, or does the sidecar act as a centralized log collector? If so, what’s the right way to configure the sidecar and the separate servers to send their logs to the sidecar?

Any help would be greatly appreciated!

Thanks.

Please read the docs, how sidecar works:



Sidecar is only configuration manager, what deploy configurations from collector agents like beat (filebeat, winlogbeat), nxlog etc. So you need to install sidecar on overy windows servers.