Graylog Sidecar is a lightweight configuration management system for log collectors. It provides a framework for managing log collectors, such as Winlogbeat, Filebeat, and NXLog.

Sidecar Architecture

The Graylog node acts as a centralized hub that holds the log collector configurations. The Sidecar daemon periodically fetches all relevant configurations for the target through the Graylog REST API. On its first run, or whenever it detects a configuration change, the Sidecar generates the relevant backend configuration files and then starts the reconfigured log collectors. The collector configurations are managed centrally through the Graylog web interface.

Graylog Sidecar can run as a service (Windows host) or as a daemon (Linux host) on supported, message-producing devices.

Sidecar Resources

In the following series of articles, we will guide you through the steps to install, configure, and run Graylog Sidecar effectively.

Hint: Please note these articles pertain to a self-managed Graylog Sidecar configuration. For information on using Sidecar in Graylog Cloud, please see Sidecar in the Cloud.

  1. Install Graylog Sidecar

    1. Install Sidecar on Linux

    2. Install Sidecar on Windows

  2. Set Up Sidecar Collectors

  3. Getting Started with Graylog Sidecar