The Forwarder is a feature that is exclusively available for Graylog Cloud, Graylog Security, and Graylog Operations customers. To learn more about Graylog licenses, please contact the Graylog Sales team.
The forwarder supports the following configuration options:
The Graylog Forwarder ingest hostname (eg.
Graylogfor on-premise or
ingest-<your-account>.graylog.cloudfor Cloud). Provided in the Forwarder Setup Wizard in Graylog.
The API Token for authenticating the forwarder. Provided in the Forwarder Setup Wizard in Graylog.
forwarder_grpc_enable_tls: (optional - defaults to
Enables TLS for forwarder communication. Always enable for production use.
The full path to the trust chain certificate file (eg. cert.pem). Used to encrypt Forwarder communication. If not provided, the forwarder will still trust public CAs. Not required for Cloud installations, since a public CA is always used.
forwarder_message_transmission_port: (optional - defaults to
The remote TCP port to send log messages through to Graylog.
forwarder_configuration_port: (optional - defaults to
The remote TCP port through which a configuration and control channel is established between the forwarder and Graylog.
forwarder_grpc_enable_compression: (optional - defaults to
true) enables compression for forwarder communication.
forwarder_grpc_call_timeout: (optional - defaults to
60s) the timeout for forwarder log message forwarding communication.
forwarder_grpc_graceful_shutdown_timeout: (optional - defaults to 10s)
The time to allow ongoing log message forwarding requests to complete upon forwarder shutdown.
forwarder_grpc_message_batch_size: (optional - defaults to
The size for batches of log messages that triggers sending from the Forwarder to Graylog. Once this batch size is reached, the batch is synchronously sent to Graylog.
forwarder_grpc_max_message_size: (optional - defaults to
The maximum log message size permitted through the forwarder. Log messages exceeding this size will be discarded. This value must be smaller than the same property set on the Graylog server-side of the forwarder.
forwarder_grpc_message_flush_interval: (optional - defaults to
The maximum time to wait before sending a batch to Graylog if the configured batch size is not yet reached.
: (optional - defaults to
The number of simultaneous batch sender threads. Each batch sender will attempt to send one batch at a time and wait for a server-side acknowledgment before proceeding.
forwarder_configuration_polling_interval: (optional - defaults to
The interval at which configuration is retrieved from Graylog.
forwarder_state_reporting_interval: (optional - defaults to
The interval at which input states and metrics are reported to Graylog.
forwarder_heartbeat_interval: (optional - defaults to
The interval at which the forwarder heartbeat is sent. This tells Graylog that the forwarder is connected.
forwarder_api_enabled: (optional - defaults to
Enables the forwarder REST API. If enabled, the API will listen on a Unix Domain Socket using the file indicated with
forwarder_api_tcp_bind_addressvalue is provided.
forwarder_api_socket_path: (optional - defaults to
If the Forwarder API is enabled, it will listen on a Unix Domain Socket using the file, unless a
value is specified.
forwarder_api_socket_permissions: (optional - defaults to
The permissions for the Forwarder API Domain Socket file.
The host and optional port number to bind the forwarder API to, eg.
192.168.1.10:9090. If a port number is not specified with the hostname, the default port
9001will be used. If specified, the API will no longer listen on a Unix Domain Socket.
message_journal_max_size: (optional - defaults to 5gb)
Maximum size of message journal. If journal fills up, oldest messages are deleted first.
message_journal_max_age: (optional - defaults to 12h)
Maximum age of message in journal. Messages older than this time will be deleted/flushed from the journal even if they have not been sent to a Graylog Cluster.