Collecting Remote Files

Collecting files from multiple servers (and endpoints in general) has always been a challenge. Overall, there are several approaches:

  • Push over syslog or other standard protocol
  • Agent installed on each server to send logs to a collector/manager
  • Collector to reach out over standard protocols and fetch files
  • Shared folders between the server and the collector
  • Regularly copying files to a machine, where a collector has access

For Windows, remote event log collection is supported and that makes things easier, but not all applications write to the event log. Text files are still a thing, so other options must be considered. For Linux, syslog is the more standard approach, but it requires additional configuration and possibly installing additional software.

LogSentinel Collector supports all of the above options. We support the third option (collector reaching out to fetch files) in the following ways:

  • tail -f over SSH for Linux
  • Get-Content -Tail with PowerShell remoting over SSH
  • FTP tailing (continuously downloading the log file over FTP)

This allows us to provide non-invasive, easy to configure log collection without the need to install third-party software or set up forwarding on each server. It has its challenges (disconnects and timeouts), which we address in our collector.
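The disconnect and timeout problem is the same for all three fetch methods: after the link drops, the collector must resume exactly where it stopped, neither re-ingesting lines it already forwarded nor losing the ones written while it was reconnecting. The following is an added illustration, not LogSentinel's code, of one way to do that: keep a byte offset plus a buffer for the unfinished last line, and on reconnect ask the remote side for data from that offset (with SSH that maps to `tail -c +$((offset+1))`, with FTP to a `REST` before the `RETR`). The transport here is a constructed stand-in that reads a local file and fails every Nth call to imitate a dropped session; `FlakyTransport`, `RemoteTail` and `demo` are hypothetical names.

```python
"""Reconnecting remote tail with offset tracking (added example).

Not the collector's own code. FlakyTransport is a constructed stand-in for an
SSH or FTP session: it reads a local file and raises ConnectionError every Nth
call so the reconnect path can be exercised offline.
"""
import os
import tempfile
from typing import Callable, List


class FlakyTransport:
    """Constructed stand-in for a remote session (e.g. SSH tail -c +N, FTP REST)."""

    def __init__(self, fail_every: int = 3) -> None:
        self.calls = 0
        self.fail_every = fail_every

    def read_from(self, path: str, offset: int) -> bytes:
        """Return bytes from `offset` to EOF, or raise to simulate a disconnect."""
        self.calls += 1
        if self.fail_every and self.calls % self.fail_every == 0:
            raise ConnectionError("simulated disconnect")
        with open(path, "rb") as fh:
            fh.seek(offset)
            return fh.read()


class RemoteTail:
    """Tail a remote file, resuming from the last consumed byte offset."""

    def __init__(self, transport, path: str, max_retries: int = 3,
                 sleep: Callable[[float], None] = lambda s: None) -> None:
        self.transport = transport
        self.path = path
        self.max_retries = max_retries
        self.sleep = sleep          # injectable so a test does not have to wait
        self.offset = 0             # bytes already delivered downstream
        self.partial = b""          # trailing bytes with no newline yet
        self.reconnects = 0

    def poll(self) -> List[str]:
        """Fetch new data once, retrying on disconnect; return complete lines only."""
        delay = 0.5
        for attempt in range(self.max_retries + 1):
            try:
                chunk = self.transport.read_from(self.path, self.offset)
                break
            except ConnectionError:
                if attempt == self.max_retries:
                    raise               # give up; caller decides what to do
                self.reconnects += 1
                self.sleep(delay)       # exponential backoff before reconnecting
                delay *= 2
        # Advance the offset only for bytes actually received, so a failed
        # read never skips data and a repeated read never duplicates it.
        self.offset += len(chunk)
        parts = (self.partial + chunk).split(b"\n")
        self.partial = parts.pop()      # keep the unfinished line for next time
        return [ln.decode("utf-8", errors="replace") for ln in parts]


def demo() -> dict:
    """Run a disconnect scenario against a temp file and report what was delivered."""
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    try:
        tail = RemoteTail(FlakyTransport(fail_every=2), path)
        with open(path, "ab") as fh:
            fh.write(b"line1\nline2\npart")        # constructed sample log data
        first = tail.poll()                        # call 1 succeeds
        with open(path, "ab") as fh:
            fh.write(b"ial\nline4\n")              # the split line completes
        second = tail.poll()                       # call 2 drops, call 3 resumes
        return {"first": first, "second": second,
                "reconnects": tail.reconnects, "offset": tail.offset}
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The important property is in the second poll: the session drops, the tailer reconnects, and the line that was split across the two reads ("part" + "ial") is delivered once and whole. A real deployment would persist `offset` to disk so the position survives a collector restart, and would also handle rotation (offset larger than the file, or a changed inode), which this sketch deliberately leaves out.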

For remote log file tailing to work, authentication credentials need to be configured. We recommend creating a dedicated read-only account with access only to the specified log files.