The Forwarder is a feature that is exclusively available for Graylog Cloud, Graylog Security, and Graylog Operations customers. To learn more about Graylog licenses, please contact the Graylog Sales team.

The Forwarder is distributed in similar packaging and installation methods as the Graylog server. You can choose between operating system packages, Docker, and binary tar installation methods for the forwarder. Each installation method is described below.

Binary Installation

To perform binary installation, download the binaries and manually install them on disk.

For the latest forwarder binaries, select the TGZ option from the Downloads page.

Operating System Package Installation

The most common installation method is the Linux operating system packages. You can choose from DEB and RPM. If you choose either tool, ensure that Java is available on your operating system (see System Requirements for appropriate Java version). In addition, confirm access to a TLS certificate and an API token generated from Graylog.

Install via DEB

1. Download the DEB package:

Copy
sudo apt-get install apt-transport-https openjdk-17-jdk-headless
wget https://packages.graylog2.org/repo/packages/graylog-forwarder-repository_5-1_all.deb
sudo dpkg -i graylog-forwarder-repository_5-1_all.deb
sudo apt-get update

2. Install the package:

Copy
sudo apt-get install graylog-forwarder

3. Create the certificate and update the config file:

Copy
sudo vi /etc/graylog/forwarder/forwarder.conf

4. Start the service:

Copy
sudo systemctl start graylog-forwarder.service

RPM Install Instructions

1. Install the Graylog repository configuration:

Copy
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-forwarder-repository-5-1.noarch.rpm

2. Install the graylog-forwarder package:

Copy
sudo yum install graylog-forwarder

3. Create the certificate and update the configuration file:

Copy
sudo vi /etc/graylog/forwarder/forwarder.conf

4. Start the service:

Copy
sudo systemctl start graylog-forwarder.service

Docker Installation

The forwarder is also available as a Docker image. Regardless of your installation method, you need to create a digital certificate to enhance security. To download the image, run the following command: docker pull graylog/graylog-forwarder:<release-version>

To run the container, you will need to pass it the following environment variables:

Hint: To configure the options for the container you MUST capitalize the option and pre-pend it with 'GRAYLOG_'. 

Copy
GRAYLOG_FORWARDER_SERVER_HOSTNAME
GRAYLOG_FORWARDER_GRPC_API_TOKEN

You also need to mount the certificate file as a volume. Here is an example command:

Copy
docker run -e GRAYLOG_FORWARDER_SERVER_HOSTNAME=ingest.<SERVER NAME> -e GRAYLOG_FORWARDER_GRPC_API_TOKEN=<INSERT_API_TOKEN_HERE> -v /path/to/cert/cert.pem:/etc/graylog/forwarder/cert.pem graylog/graylog-forwarder:<release-version>