Log Collection

Collecting logs from monitored assets using Beats

Overview

The process of transferring logs, events, and flow records from remote environments (on-premises or cloud) to a central platform is known as log shipping. Using log shippers is the recommended way to send a high volume of logs from multiple applications and hosts. Log shippers are optimized for this task and offer many useful features, such as buffering, saving data to disk in case of network issues, sending in bulk, compression, and statistics.

cfxDLA currently supports the following log shippers:

  1. Filebeat: for syslogs, web logs, etc. from Linux operating systems.

    • Cross-platform and much lighter on resource usage; requires a Logstash instance to aggregate logs.

  2. Winlogbeat: for syslogs on Windows.

  3. Packetbeat: for NetFlow/IPFIX.
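As an added example (not cfxDLA's own configuration), the following Filebeat configuration shows how the log-shipper features listed above map onto concrete settings: an in-memory event queue for buffering, the on-disk registry that records how far each file has been read so nothing is lost across a Logstash outage, bulk sending and compression towards Logstash, mutual TLS so the aggregator accepts only trusted shippers, and periodic internal metrics. The Logstash hostname, certificate paths, and the `source_type` field name are assumptions chosen for illustration.

```yaml
# filebeat.yml (added example; hostnames and paths are assumed placeholders)

filebeat.inputs:
  # Read Linux syslog and authentication logs. Filebeat remembers the byte
  # offset of each file in its registry and only advances it after Logstash
  # acknowledges the batch, which gives at-least-once delivery.
  - type: log
    enabled: true
    paths:
      - /var/log/syslog
      - /var/log/auth.log
    fields:
      source_type: syslog        # assumed custom field used downstream for routing
    fields_under_root: true

# Registry location: this is the on-disk state that survives restarts.
filebeat.registry.path: /var/lib/filebeat/registry

# Buffering: events are held in memory and flushed either when 512 are
# waiting or after 5 seconds, whichever comes first.
queue.mem:
  events: 4096
  flush.min_events: 512
  flush.timeout: 5s

# Filebeat requires a Logstash (or Elasticsearch) output; here Logstash
# aggregates the logs before they reach the analytics platform.
output.logstash:
  hosts: ["logstash.example.internal:5044"]   # assumed aggregator hostname
  loadbalance: true
  bulk_max_size: 2048          # events per batch sent in bulk
  compression_level: 3         # gzip level 0-9 on the wire
  ttl: 60s                     # reconnect periodically so load balancing rebalances
  # Mutual TLS: verify the aggregator's certificate and present a client
  # certificate so Logstash can reject unknown shippers.
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]   # assumed path
  ssl.certificate: "/etc/filebeat/filebeat.crt"            # assumed path
  ssl.key: "/etc/filebeat/filebeat.key"                    # assumed path
  ssl.verification_mode: full

# Statistics: Filebeat logs its own throughput and queue counters every 30s,
# which is what you watch to detect a shipper that has stalled or fallen behind.
logging.level: info
logging.metrics.enabled: true
logging.metrics.period: 30s
```

Before enabling the service, `filebeat test config -c /etc/filebeat/filebeat.yml` validates the syntax and `filebeat test output -c /etc/filebeat/filebeat.yml` performs the TLS handshake against the configured Logstash host, so a misconfigured certificate path is caught on the shipper rather than as silently missing logs on the aggregator.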