Step 1: Install the Graylog Sidecar Repository and Package
$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-sidecar-repository-1-2.noarch.rpm
$ sudo yum install graylog-sidecar
Step 2: Configure Sidecar
$ sudo nano /etc/graylog/sidecar/sidecar.yml
Make changes to the following items as needed:
server_url: "https://graylog_server_ip:9000/api"
server_api_token: "token_created_on_graylog_server"
node_name: "hostname_or_custom_name"
send_status: true
Step 3: Install Graylog Sidecar Service
$ sudo graylog-sidecar -service install
Step 4: Enable and Start Sidecar Service
$ sudo systemctl enable graylog-sidecar
$ sudo systemctl start graylog-sidecar
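A pre-start check for the file edited in Step 2, added here as an example (it is not part of the original guide or of Graylog's own tooling). It flags a plain-HTTP server_url, a server_api_token left empty or at the placeholder shown above, and a config file that other local users can access. The function names are hypothetical, and it assumes GNU stat and flat top-level "key: value" lines.

```shell
#!/usr/bin/env bash
# Added example: audit a Graylog Sidecar config before starting the service.
# Function names are hypothetical; assumes GNU stat and flat "key: value" lines.

# Print the value of a top-level key, without quotes or trailing comments.
yaml_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; return 0 only when nothing was found.
check_sidecar_config() {
    local file="$1" findings=0 url token mode
    url=$(yaml_value server_url "$file")
    token=$(yaml_value server_api_token "$file")
    mode=$(stat -c '%a' "$file")   # octal permission bits, e.g. 600

    # The token is sent with every API request, so the URL must be HTTPS.
    case $url in
        https://*) ;;
        http://*) echo "server_url uses plain HTTP; the API token would cross the network unencrypted"
                  findings=$((findings + 1)) ;;
        *)        echo "server_url is missing or not an http(s) URL"
                  findings=$((findings + 1)) ;;
    esac

    # Catch a token that was never filled in.
    case $token in
        ''|token_created_on_graylog_server)
            echo "server_api_token is empty or still the placeholder"
            findings=$((findings + 1)) ;;
    esac

    # Any permission bit for "other" exposes the token to local users.
    if [ $(( 0$mode & 7 )) -ne 0 ]; then
        echo "$file is mode $mode; other users can access the token (use 600)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# When a path is given on the command line, audit it.
[ $# -eq 0 ] || check_sidecar_config "$1"
```

Save it to a file and run it with sudo, passing /etc/graylog/sidecar/sidecar.yml as the argument; a non-zero exit status means at least one finding was printed.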
Install and Configure Filebeat
Step 1: Download and Install Public Signing Key
$ sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Step 2: Create Repository
$ sudo nano /etc/yum.repos.d/elastic.repo
Enter the following content and save the repo:
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Step 3: Install Filebeat
$ sudo yum install filebeat
Step 4: Enable and Start Filebeat
$ sudo systemctl enable filebeat
$ sudo systemctl start filebeat