Agent Management Overview
To ingest events from your applications into your custom log, you can install the Oracle fluentd-based agent. This agent allows you to control exactly which logs you want to collect, how to parse them, and more.
The Unified Monitoring Agent is a fully managed agent, and custom client configuration isn't officially supported. For example, gathering logs from remote sources isn't recommended, because doing so can have serious security implications (because the log source can't be verified).
Oracle Cloud Infrastructure Logging includes Agent Configurations to enable and manage the agent for a set of supported operating systems. Agent Configurations give you a central experience to easily configure what custom logs you want to ingest across your fleet of hosts. The following are the supported operating systems for agent configurations:
| OS | non-FIPS | FIPS | ARM |
|---|---|---|---|
| Oracle Linux 7 | Yes | Yes | Yes |
| Oracle Linux 8 | Yes | Yes | No |
| CentOS 7 | Yes | Yes | No |
| Windows Server 2012 R2 | Yes | Yes | No |
| Windows Server 2016 | Yes | Yes | No |
| Windows Server 2019 | Yes | Yes | No |
| Ubuntu 16.04 | Yes | No | No |
| Ubuntu 18.04 | Yes | No | No |
| Ubuntu 20.04 | Yes | No | No |
See Installing the Agent for instructions on obtaining the installation files for each OS.
For Linux, only register Linux-specific input types, such as
Log Path, for a dynamic group that includes only a Linux instance. For Windows, only register Windows-specific input types, such as Windows event log, for a dynamic group that includes only a Windows instance. Otherwise, the Unified Monitoring Agent malfunctions if you register a Windows input type for a Linux instance, and vice versa.Unified Monitoring Agent and Agent Configuration Security
Unified Monitoring Agent configurations are secured using the Dynamic Group feature from IAM. For more information, see Selecting Target Hosts with Dynamic Groups.
In addition, agent configuration updates are securely processed only by authorized users. After any update is made, the logging backend propagates the update to the agent itself.
Furthermore, OCI personnel can't interject an update call made to the Unified Monitoring Agent. This is secured by the user principle (the user's IAM), without which no update can be accessed or changed.