Skip to content

digiapulssi/graylog-sidecar

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
data
data
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 

Repository files navigation

Graylog Sidecar

Docker image for Graylog Sidecar Collector using filebeat

Sidecar and collector logging

Sidecar and collectors write log to /var/log/graylog/collector-sidecar with default daily rotation and retention time of 7 days. By default, log directory is inside the container. Add appropriate volume mount to store logs in host.

Usage

The container uses environment variables to define the logfiles that are monitored and connection settings to the server running Graylog. Following parameters are available:

  • GS_SERVER_URL (REQUIRED)
  • Graylog server url to connect to
  • GS_NODE_ID (REQUIRED)
  • Graylog Sidecar instance name
  • GS_TAGS (REQUIRED)
  • Tags that are to be monitored (configurations retrieved from Graylog server)
  • GS_UPDATE_INTERVAL
  • seconds interval on how often the configuration is retrieved from Graylog server, default is 60
  • GS_SEND_STATUS
  • enable sending collector status to server, default is true
  • GS_TLS_SKIP_VERIFY
  • Ignore errors when the REST API was started with a self-signed certificate, default is false
  • GS_LIST_LOG_FILES
  • list of container paths that contain the log files monitored, listings of these paths are periodically published to server, default is empty
  • Example: GS_LIST_LOG_FILES=['/var/log/apache2','/var/log/mariadb']
  • GS_COLLECTOR_ID
  • Identifier (UUID) for collector, default is to autogenerate one at first run
  • Autogenerated collector ID is changed if the container is recreated, use explicitly configured one if collector ID must preserved for data correlation
  • GS_LOG_ROTATION_TIME
  • Log rotation period in seconds, default is 86400 (1 day)
  • GS_LOG_MAX_AGE
  • Log retention time in seconds, default is 604800 (7 days)

Also, the monitored folder needs to be mounted for the docker container. E.g. if you want to monitor host location /var/log/apache2, you should mount it as follows:

docker run --env-file ./env.list -v /var/log/apache2:/host/var/log/apache2:ro -d digiapulssi/graylog-sidecar

Example env.list configuration:

GS_SERVER_URL=http://graylog2:9000/api/
GS_NODE_ID=apache-server
GS_TAGS=['apache2']

Since Graylog Sidecar retrieves its configuration from Graylog server, a matching configuration needs to exist in the server side. In particular, each tag that is configured in the GS_TAGS variable needs to exist in the Graylog server Collectors configuration.

About

Docker image for Graylog Sidecar Collector

Resources

Readme
Activity
Custom properties

Stars

5 stars

Watchers

5 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages