Agent fleet

One agent. Every server. Full control.

One install across every Linux box, server groups you can actually reason about, and an EU-hosted control plane. The LogPulse agent wraps Vector, the standard collector, so you keep the runtime you trust and skip the management headache.

Run the whole fleet from one place.

One install, server groups you can reason about, and an EU-hosted control plane, wrapped around Vector, the collector you already trust.

Install once

One command. Every box reporting in.

Pipe-to-shell drops the agent on any Linux host. It registers itself, joins its group and starts shipping, with no per-box config to babysit.

bash
$ curl -fsSL https://logpulse.io/install.sh | sh
✓ agent installed
✓ registered to group: web-tier
web-01connected
web-02connected
db-01connected
Groups, not filesets

Manage tiers, not config files.

Group servers by what they are, pick their inputs from a catalogue, and roll a change to the whole tier at once, from one EU-hosted control plane.

Fleetcontrol plane
web-tier· 12 agentshealthy
nginxjournald
db-tier· 4 agentshealthy
postgresql
edge· 6 agents1 updating
syslogfile
Standard runtime

The collector you trust, finally easy to run.

The agent wraps Vector, the open, standard collector, so you keep the runtime and VRL you know and skip the fleet-management headache.

Runtime
LogPulse control planeEU-hosted
Vector· the standard collector
VRL transformsyour sourcesyour sinks
keep the runtime you trust, skip the management

Built for Platform Engineering teams running mixed Linux estates

If you operate a mix of Ubuntu, Debian, RHEL and k8s nodes, you already know the pain: every collector wants its own packaging story, every host needs a separate API key, and adding a new log source means SSH'ing into every box. LogPulse fixes that. Install the agent once with curl, register it against a group, and every config change ripples out automatically on the next poll.

How it works

1. Install with one curl

Run the install script with a short-lived enrollment token. It downloads the bundled Vector binary, registers the host against the LogPulse control plane and writes a per-agent credential to /var/lib/logpulse-agent.

2. Drop it in a group

Assign the agent to a server group from the UI: prod-edge, staging, db-cluster, whatever you call them. Moving an agent between groups is a one-row update, not a reinstall.

3. Inputs flow automatically

Attach syslog, journald, file, docker or kubernetes inputs to a group. The agent polls every 30 seconds, rewrites its Vector config, and SIGHUPs the runtime: zero log loss, no manual restart.

More than collection: parsing and data modeling included

The LogPulse agent doesn't just ship raw lines. We parse each vendor's format and map it onto a shared data model (authentication, firewall, dns, endpoint, security-event) so the same LPQL query works across every source. Below are a handful of the built-in templates; more roll out continuously.

OpenSSH

Authentication

SSH login attempts from syslog: source IP, port, user and success/failure extracted from every Accepted and Failed line.

authentication

Linux auditd

Audit

Linux audit records routed automatically: USER_LOGIN to authentication, SYSCALL/EXECVE to endpoint, everything else to security-event.

authenticationendpointsecurity-event

Fortinet FortiGate

Firewall

FortiGate firewall, UTM and event logs split into traffic and security-event records: source/destination IPs, ports, action and policy ID.

firewallsecurity-event

Palo Alto PAN-OS

Firewall

PAN-OS CSV decoded into firewall (TRAFFIC) and security-event (THREAT) records, including source user, app-id and zone pairs.

firewallsecurity-event

pfSense / OPNsense

Firewall

filterlog CSV parsed into pass/block decisions with full 5-tuple, interface and direction, ready for firewall data-model queries.

firewall

UniFi gateway

Firewall

fleetPage.templates.items.unifi-firewall.description

firewall

dnsmasq

DNS

DNS queries and blocks from UniFi gateways, OpenWRT and Pi-hole: domain, record type and client IP normalised to the dns data model.

dns

Plus sudo, PAM, iptables/ufw, hostapd and Cisco ASA, with more added continuously. Every parser maps onto the same data model so cross-vendor dashboards just work.

Why a fleet model

One curl, every host

Single install script, all major Linux distros. No package repositories to add, no fleet-wide secrets to rotate.

Logical server groups

Group hosts the way you already think about them. Attach inputs to groups, not individual hosts.

EU-hosted control plane

Enrollment, config polling and heartbeats all stay on api.logpulse.io in Amsterdam. GDPR-friendly by default, no US transit on the management path.

Per-agent credentials

Each host gets its own token. Revoke one agent without rotating the rest, audit who shipped what, and move agents between groups without re-enrolling.

Get logs flowing in under five minutes

Free to start. 100 MB/day, 7-day retention, no credit card. Install the agent on one host today, scale to the whole fleet whenever you're ready.

Create your free account
1 GB/day · 30-day retention · No credit card

We use cookies to analyze site traffic and improve your experience. No cookies are placed without your consent. Privacy Policy