How To Install and Configure Graylog Sidecar on Debian 11

Step 1: Download Graylog Sidecar repository and Install

$ sudo wget https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_1-2_all.deb
$ sudo dpkg -i graylog-sidecar-repository_1-2_all.deb
$ sudo apt update && sudo apt install graylog-sidecar

Step 2: Configure Graylog Sidecar

$ nano /etc/graylog/sidecar/sidecar.yml

Make changes to the following items as needed:

server_url: "https://graylog_server_ip:9000/api"
server_api_token: "token_created_on_graylog_server"
node_name: "hostname_or_custom_name"
send_status: true

Save the configuration file and exit the editor.

Step 3: Install Graylog Sidecar Daemon or Service

$ sudo graylog-sidecar -service install

Step 4: Enable and Start Service

$ systemctl enable graylog-sidecar
$ systemctl start graylog-sidecar

Install and Configure Filebeat

Step 1: Download and Install Public Signing Key

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Step 2

$ apt install apt-transport-https

Step 3: Save Repository Definition

$ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Step 4: Install Filebeat

$ sudo apt update && $ sudo apt install filebeat

Step 5: Enable and Start Filebeat

$ systemctl enable filebeat