Falcon Log Collector

The Falcon Log Collector is the native log shipper for LogScale. It can collect and send events to a LogScale repository, using LogScale ingest tokens to route data to the relevant repositories.

Falcon Log Collector is available on Linux, macOS and Windows. Multiple instances can be managed centrally from within LogScale through Fleet Management.

It supports the following sources:

  • command sources

  • Windows events

  • files

  • Linux systems

  • syslog

  • unifiedlog

  • JournalD sources

It uses @collect.* metadata attached to events, including a unique collector ID, the hostname, @collect.timestamp, etc.

Falcon Log Collector buffers in memory, and sends data to LogScale instances based on ingest tokens or environment variables.

It offers a sub-second ingest lag between a line being written and being sent to LogScale; this lag is configurable. It also provides network compression (on by default) and supports HTTP(S) proxies.

Refer to the following documentation for more information on the LogScale Collector:

Installing Falcon Log Collector

The headings of the list below are linked to documentation pages that explain how to install Falcon Log Collector:

Install Falcon Log Collector

Describes how to install Falcon Log Collector using the full install, which is required in order to manage updates remotely.

Download and Install Falcon Log Collector using Installers (Custom Install)

Describes how to install Falcon Log Collector using custom methods.

Configuring Falcon Log Collector

The headings of the list below are linked to documentation pages that explain how to configure Falcon Log Collector:

Configure Falcon Log Collector

Falcon Log Collector can be configured remotely, or locally through its configuration files. This linked page describes how to make changes to the configuration.

Configuration Elements

The configuration file is a YAML file. This page lists the configuration elements you need to be aware of when changing it, so that the file is parsed properly.

Sources & Examples

The page linked from this heading provides a set of example configuration files and source-specific references that you might find useful.

Updates & Other Resources

It's important to keep your software up to date and to stay current on the latest related information. The documentation linked below helps you do this:

LogScale Collector Releases

Falcon Log Collector is still fairly new, and improvements are added and released often. The page linked here provides information on those releases.

Data Sources

Falcon Log Collector supports several data sources. They're the data points from which the data is collected. Click on the heading here for more information.

Sinks

Falcon Log Collector sends data only to LogScale, making use of proprietary, optimized ingest APIs. Sinks are where the collected data is sent.