Collectors

Collectors are responsible for collecting logs, data and metrics from a variety of sources and shipping them to Logstail Platform.

1. Logs Collector is designed to gather log files, parse them and forward the data to Logstail Platform for further processing and analysis. It simplifies the process of collecting, parsing and centralizing log data from different sources, making it easier for you to manage and gain insights from your log files.
2. Metrics Collector is designed for collecting system and service metrics from various sources. Metrics offer quantitative data related to the performance and behavior and are crucial for monitoring the health and performance of servers, containers, databases, and other applications. Metrics collector is essential for system administrators and developers to ensure the optimal functioning of their infrastructure, identify bottlenecks, troubleshoot issues, and make data-driven decisions to improve overall performance and user experience.
3. Packets Collector is used for monitoring network traffic in real-time, capturing network packets and extracting relevant metadata from various protocols, such as HTTP, DNS, TCP, and more. Unlike traditional network monitoring tools that focus on aggregated statistics, it provides detailed insights into the communication patterns between different systems and services. It is particularly valuable for security monitoring, troubleshooting network issues, and gaining visibility into the interactions between applications. It helps network administrators and security professionals detect potential security threats, analyze network behavior, and investigate security incidents by providing granular information about network activities.
4. SIEM Collector is a key component of Logstail Platform. It is crucial for real-time threat detection, log analysis, and incident response within an organization’s IT environment. SIEM actively monitors log files, system events, application logs, and other data sources on the host where it is installed. It performs log analysis locally, allowing for immediate detection of security incidents. Also performs integrity checking on system files and registry entries, ensuring that critical system components have not been tampered with, which is especially important for identifying signs of compromise or malware activity. Additionally, it can be configured to perform rootkit detection, providing an additional layer of security by identifying hidden or malicious software that may have compromised the host system. Furthermore, SIEM Collector offers vulnerability detection by integrating with vulnerability databases and performing periodic scans of systems and applications. It helps organizations identify and address security vulnerabilities before they can be exploited by attackers.