One install across every Linux box, server groups you can actually reason about, and an EU-hosted control plane. The LogPulse agent wraps Vector — the standard collector — so you keep the runtime you trust and skip the management headache.
If you operate a mix of Ubuntu, Debian, RHEL and k8s nodes, you already know the pain: every collector wants its own packaging story, every host needs a separate API key, and adding a new log source means SSH'ing into every box. LogPulse fixes that. Install the agent once with curl, register it against a group, and every config change ripples out automatically on the next poll.
Run the install script with a short-lived enrollment token. It downloads the bundled Vector binary, registers the host against the LogPulse control plane and writes a per-agent credential to /var/lib/logpulse-agent.
Assign the agent to a server group from the UI — prod-edge, staging, db-cluster, whatever you call them. Moving an agent between groups is a one-row update, not a reinstall.
Attach syslog, journald, file, docker or kubernetes inputs to a group. The agent polls every 30 seconds, rewrites its Vector config, and SIGHUPs the runtime — zero log loss, no manual restart.
The LogPulse agent doesn't just ship raw lines. We parse each vendor's format and map it onto a shared data model — authentication, firewall, dns, endpoint, security-event — so the same LPQL query works across every source. Below are a handful of the built-in templates; more roll out continuously.
Authentication
SSH login attempts from syslog — source IP, port, user and success/failure extracted from every Accepted and Failed line.
Audit
Linux audit records routed automatically: USER_LOGIN to authentication, SYSCALL/EXECVE to endpoint, everything else to security-event.
Firewall
FortiGate firewall, UTM and event logs split into traffic and security-event records — source/destination IPs, ports, action and policy ID.
Firewall
PAN-OS CSV decoded into firewall (TRAFFIC) and security-event (THREAT) records — including source user, app-id and zone pairs.
Firewall
filterlog CSV parsed into pass/block decisions with full 5-tuple, interface and direction — ready for firewall data-model queries.
DNS
DNS queries and blocks from UniFi gateways, OpenWRT and Pi-hole — domain, record type and client IP normalised to the dns data model.
Plus sudo, PAM, iptables/ufw, hostapd and Cisco ASA, with more added continuously. Every parser maps onto the same data model so cross-vendor dashboards just work.
Single install script, all major Linux distros. No package repositories to add, no fleet-wide secrets to rotate.
Group hosts the way you already think about them. Attach inputs to groups, not individual hosts.
Enrollment, config polling and heartbeats all stay on api.logpulse.io in Amsterdam. GDPR-friendly by default, no US transit on the management path.
Each host gets its own token. Revoke one agent without rotating the rest, audit who shipped what, and move agents between groups without re-enrolling.
Free to start. 100 MB/day, 7-day retention, no credit card. Install the agent on one host today, scale to the whole fleet whenever you're ready.
Create your free accountWe use cookies to analyze site traffic and improve your experience. No cookies are placed without your consent. Privacy Policy