The Forwarder is a feature that is exclusively available for Graylog Cloud, Graylog Security, and Graylog Operations customers. To learn more about Graylog licenses, please contact the Graylog Sales team.
The forwarder supports the following configuration options:
forwarder_server_hostname: (required)
The Graylog Forwarder ingest hostname (eg.Graylogfor on-premise oringest-<your-account>.graylog.cloudfor Cloud). Provided in the Forwarder Setup Wizard in Graylog.forwarder_grpc_api_token: (required)
The API Token for authenticating the forwarder. Provided in the Forwarder Setup Wizard in Graylog.forwarder_grpc_enable_tls: (optional - defaults totrue)
Enables TLS for forwarder communication. Always enable for production use.forwarder_grpc_tls_trust_chain_cert_file: (optional)
The full path to the trust chain certificate file (eg. cert.pem). Used to encrypt Forwarder communication. If not provided, the forwarder will still trust public CAs. Not required for Cloud installations, since a public CA is always used.forwarder_message_transmission_port: (optional - defaults to13301)
The remote TCP port to send log messages through to Graylog.forwarder_configuration_port: (optional - defaults to13302)
The remote TCP port through which a configuration and control channel is established between the forwarder and Graylog.forwarder_grpc_enable_compression: (optional - defaults totrue) enables compression for forwarder communication.forwarder_grpc_call_timeout: (optional - defaults to60s) the timeout for forwarder log message forwarding communication.forwarder_grpc_graceful_shutdown_timeout: (optional - defaults to 10s)
The time to allow ongoing log message forwarding requests to complete upon forwarder shutdown.forwarder_grpc_message_batch_size: (optional - defaults to100KB
The size for batches of log messages that triggers sending from the Forwarder to Graylog. Once this batch size is reached, the batch is synchronously sent to Graylog.forwarder_grpc_max_message_size: (optional - defaults to4MB)
The maximum log message size permitted through the forwarder. Log messages exceeding this size will be discarded. This value must be smaller than the same property set on the Graylog server-side of the forwarder.forwarder_grpc_message_flush_interval: (optional - defaults to1s)
The maximum time to wait before sending a batch to Graylog if the configured batch size is not yet reached.forwarder_grpc_message_sending_thread_pool_size5)
The number of simultaneous batch sender threads. Each batch sender will attempt to send one batch at a time and wait for a server-side acknowledgment before proceeding.forwarder_configuration_polling_interval: (optional - defaults to10s)
The interval at which configuration is retrieved from Graylog.forwarder_state_reporting_interval: (optional - defaults to10s)
The interval at which input states and metrics are reported to Graylog.forwarder_heartbeat_interval: (optional - defaults to2s)
The interval at which the forwarder heartbeat is sent. This tells Graylog that the forwarder is connected.forwarder_api_enabled: (optional - defaults tofalse)
Enables the forwarder REST API. If enabled, the API will listen on a Unix Domain Socket using the file indicated withforwarder_api_socket_path,forwarder_api_tcp_bind_addressvalue is provided.forwarder_api_socket_path: (optional - defaults to<working-directory/data/forwarder-api.sock>)
If the Forwarder API is enabled, it will listen on a Unix Domain Socket using the file, unless aforwarder_api_tcp_bind_addressforwarder_api_socket_permissions: (optional - defaults torw-------)
The permissions for the Forwarder API Domain Socket file.forwarder_api_tcp_bind_address: (optional)
The host and optional port number to bind the forwarder API to, eg.192.168.1.10192.168.1.10:9090. If a port number is not specified with the hostname, the default port9001will be used. If specified, the API will no longer listen on a Unix Domain Socket.
