Agent Management Overview

To ingest events from your applications into your custom log, you can install the Oracle fluentd-based agent. This agent allows you to control exactly which logs you want to collect, how to parse them, and more.

Note

The Unified Monitoring Agent is a fully managed agent, and custom client configuration isn't officially supported. For example, gathering logs from remote sources isn't recommended, because doing so can have serious security implications (because the log source can't be verified).

Oracle Cloud Infrastructure Logging includes Agent Configurations to enable and manage the agent for a set of supported operating systems. Agent Configurations give you a central experience to easily configure what custom logs you want to ingest across your fleet of hosts. The following are the supported operating systems for agent configurations:

OS non-FIPS FIPS ARM
Oracle Linux 7 Yes Yes Yes
Oracle Linux 8 Yes Yes No
CentOS 7 Yes Yes No
Windows Server 2012 R2 Yes No No
Windows Server 2016 Yes No No
Windows Server 2019 Yes No No
Windows Server 2022

No

Note: See this known issue for more information.

No No
Ubuntu 16.04 Yes No No
Ubuntu 18.04 Yes No No
Ubuntu 20.04 Yes No No

See Installing the Agent for instructions on obtaining the installation files for each OS.

Note

For Linux, only register Linux-specific input types, such as "Log Path", for a dynamic group that includes only a Linux instance. For Windows, only register Windows-specific input types, such as "Windows event log", for a dynamic group that includes only a Windows instance. Otherwise, the Unified Monitoring Agent malfunctions if you register a Windows input type for a Linux instance, and vice versa.

Unified Monitoring Agent and Agent Configuration Security

Unified Monitoring Agent configurations are secured using the Dynamic Group feature from IAM. For more information, see Selecting Target Hosts with Dynamic Groups.

In addition, agent configuration updates are securely processed only by authorized users. After any update is made, the logging backend propagates the update to the agent itself.

Furthermore, OCI personnel can't interject an update call made to the Unified Monitoring Agent. This is secured by the user principle (the user's IAM), without which no update can be accessed or changed.