How to Install Graylog Sidecar
What is Graylog Sidecar?
Graylog Sidecar is a nimble configuration management framework for various log collectors called backends. The Graylog master node acts as a centrally located hub that contains the configurations of the log collectors. Sidecar can run as a service on both Windows and Linux servers.
As web applications become more distributed, one of the most crucial things to understand is how your system behaves. Because of this, we will guide you on how to install Graylog Sidecar which works as a log collector.

Prerequisites
In order to run Sidecar, we need to install and configure the following software, before starting any Graylog services.
CentOS 7 Installation of Sidecar
After meeting the above prerequisites, we will need to download the RPM package of the Sidecar version that we want to use. The most straightforward method is to download a pre-compiled rpm packages from the Graylog repository.
After we downloaded the RPM package, we will need to install it. We can install Graylog using the “yum localinstall” command to install the package.
[root@host3 ~]# wget https://github.com/Graylog2/collector-sidecar/releases/download/1.0.2/graylog-sidecar-1.0.2-1.x86_64.rpm
--2020-03-11 14:57:51-- https://github.com/Graylog2/collector-sidecar/releases/download/1.0.2/graylog-sidecar-1.0.2-1.x86_64.rpm
Resolving github.com (github.com)... 140.82.114.4
Connecting to github.com (github.com)|140.82.114.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/46565708/327c3c80-c020-11e9-9ca8-3c584ca1e5e7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200311%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200311T185753Z&X-Amz-Expires=300&X-Amz-Signature=aca6f4fee706c6fd96825c91408fd6697dd2c3d22cc6481544a22af23d570cb6&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dgraylog-sidecar-1.0.2-1.x86_64.rpm&response-content-type=application%2Foctet-stream [following]
--2020-03-11 14:57:52-- https://github-production-release-asset-2e65be.s3.amazonaws.com/46565708/327c3c80-c020-11e9-9ca8-3c584ca1e5e7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200311%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200311T185753Z&X-Amz-Expires=300&X-Amz-Signature=aca6f4fee706c6fd96825c91408fd6697dd2c3d22cc6481544a22af23d570cb6&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dgraylog-sidecar-1.0.2-1.x86_64.rpm&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.225.136
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.225.136|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2941991 (2.8M) [application/octet-stream]
Saving to: ‘graylog-sidecar-1.0.2-1.x86_64.rpm.1’
100%[===============================================================>] 2,941,991 15.6MB/s in 0.2s
2020-03-11 14:57:52 (15.6 MB/s) - ‘graylog-sidecar-1.0.2-1.x86_64.rpm.1’ saved [2941991/2941991]
[root@host ~]#
Install Graylog Sidecar
After we downloaded the RPM package, we will need to install it. We can install the package using the “yum localinstall” command. We are using a yum localinstall command as opposed to the rpm -i command because, yum will insure all the required dependencies are installed.
[root@host ~]# yum localinstall graylog-sidecar-1.0.2-1.x86_64.rpm
Loaded plugins: fastestmirror, priorities
Examining graylog-sidecar-1.0.2-1.x86_64.rpm: graylog-sidecar-1.0.2-1.x86_64
Marking graylog-sidecar-1.0.2-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package graylog-sidecar.x86_64 0:1.0.2-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================
Package Arch Version Repository Size
======================================================================
Installing:
graylog-sidecar x86_64 1.0.2-1 /graylog-sidecar-1.0.2-1.x86_64 7.3 M
Transaction Summary
======================================================================
Install 1 Package
Total size: 7.3 M
Installed size: 7.3 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : graylog-sidecar-1.0.2-1.x86_64 1/1
Verifying : graylog-sidecar-1.0.2-1.x86_64 1/1
Installed:
graylog-sidecar.x86_64 0:1.0.2-1
Complete!
[root@host ~]#
Graylog Sidecar Configuration
Before activating Sidecar, we will need to edit the Sidecar configuration file. The default location of the file is /etc/graylog/sidecar/sidecar.yml. We can edit this file using vim.
[root@host ~]# vim /etc/graylog/sidecar/sidecar.yml
When editing the Sidecar configuration file, most of the settings can be left at their default values. The only option which needs to be adjusted is the server_url setting. This option allows us to use the Graylog API and server_api_token, which lets us to authenticate against the Graylog API server. The settings should be configured as follows.
- server_url: URL to the Graylog API, e.g. http://192.168.1.1:9000/api/
- server_api_token: The API token to used to authenticate against the Graylog server API.
e.g. 1jq26cssvc6rj4qac4bt9oeeh0p4vt5u5kal9jocl1g9mdi4og3n
The token is mandatory and needs to be configured.
Service Activation
After editing the Sidecar configuration, we then need to activate the service. Since we are using CentOS 7, we can use the following commands.
[root@host3 ~]# graylog-sidecar -service install
[root@host3 ~]# systemctl start graylog-sidecar
Open Firewall Port
We also have to open port 9000 in the firewall in order to be able to view the interface. We can accomplish this using the following commands.
netstat -na | grep 9000
iptables-save | grep 9000
echo "filebeat 9000/tcp #sidecare" sudo tee -a /etc/services
firewall-cmd --zone=public --add-port=9000/tcp --permanent
firewall-cmd --reload
Collector Installation on CentOS 7
After installing Sidecar, we will need to decide which collector we want to use. Graylog contains a default Linux configuration for Filebeat and NXlog. In this tutorial, we will use a Filebeat installation and configuration since it is one of the most commonly used software titles.
Install Filebeat on Linux (CentOS 7)
Since we are using CentOS 7 as our operating system, the easiest way to install Filebeat is by using YUM, But, before the installation, we need to make sure that we have Beats repository added. Let's download and install the public signing key using the following command.
[root@host3 /]# rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Next, to add the correct repository, we will need to create a .repo file. In CentOS, you can find your .repo files located in /etc/yum.repos.d/ directory.
Using the following command, run this to add the following lines to our elastic.repo file.
[root@host ~]# echo "[elastic-7.x]
> name=Elastic repository for 7.x packages
> baseurl=https://artifacts.elastic.co/packages/7.x/yum
> gpgcheck=1
> gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
> enabled=1
> autorefresh=1
> type=rpm-md" | sudo tee -a /etc/yum.repos.d/elastic.repo
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@host ~]#
Filebeat Yum Installation
After the right repo is added to our system, we can start the installation by running the following command.
[root@host3 /]# yum install filebeat
Configure the Filebeat Service
We can start the service using the following command.
[root@host3 /]# systemctl start filebeat
Now, we can configure the service to start automatically at boot using the following command.
[root@host3 /]# systemctl enable filebeat
Conclusion
Whether you are looking to add in additional logging for your server or an entire server cluster, Sidecar will meet those needs.
Should you have thoughts or questions about the platform sidecar can function in, give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Solutions or Experienced Hosting advisors to learn how you can take advantage of these methods today!
Related Articles:

About the Author: Denis Bosack
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.
Latest Articles
How to Install WordPress on Linux (AlmaLinux)
Read ArticleWhat is CentOS? Everything You Need to Know
Read ArticleWhat is CentOS? Everything You Need to Know
Read ArticleRedis as Cache: How It Works and Why You Should Use It
Read ArticleRefer-a-Friend Program for Website Hosting: Get $100 for Each Friend!
Read Article