Linux Agent for SIEM Log Collection
future planned
Justin Smith
Another bump on this thread. It's not just a nice-to-have feature, it's fundamental for Syslog collection. I agree with a few of the other comments. The need for Linux-based syslog collectors is fundamental and the capability to do it on an ARM-Linux device would be a major bonus.
Matthiew Morin (Huntress)
Merged in a post:
Linux Agent as Syslog Collector (Feature Request)
Ruben Castello
Hello Huntress team,
Currently, Syslog collector functionality is only available on the Windows agent. This forces us to depend on customer-managed Windows systems, which are often unstable, changing, or outside our control.
We need the Linux agent to support Syslog collection and forwarding to the SIEM, equivalent to the Windows implementation. This would allow a consistent, portable, and MSP-controlled deployment model.
Matthiew Morin (Huntress)
Merged in a post:
Linux Log collector
Tim Bixley
Would be great to not require a Windows device to be a log collector for clients that have no on-prem servers anymore but would still like network device logs etc. collected.
Even via a Raspberry Pi or similar so less investment than a NUC.
Dax Lassiter
Windows nodes are becoming a pain to manage. We'd much prefer to have a Linux agent act as the SIEM Collector going forward. This would be a huge feature for us.
Michael Barker
Yeah, this would be huge. A lot of clients are operating decentralized and not requiring a server in their office, so a system needs to be deployed. Linux is lightweight, can be secured, and is not turned obsolete because of a feature a certain company wants to put in that no one asked for, making your hardware obsolete.
Being able to deploy a Pi or basic Linux system as a log collector would go a long way to making this easier to deploy and standardize.
Matthiew Morin (Huntress)
marked this post as
future planned
Jonas Schirmer Hanssen
It would be very beneficial if we could set up some simple Linux-based machines on-site that act as firewall log collectors.
Matthiew Morin (Huntress)
Merged in a post:
Support for forwarding Linux syslogs to SIEM
Mike Knight
I would like to forward syslogs from a Linux server over 514/udp to a collector. Currently, there is no support or documentation available for sending these logs from the Huntress portal. It would be beneficial to have this capability to enhance data collection and integration with existing systems.
Matthiew Morin (Huntress)
Merged in a post:
Linux Agent SIEM Collector
Andrew Brookfield
It would be good to see Linux agents have the ability to be enabled as a syslog collector, as we could utilise a Raspberry Pi on-prem for customers if lacking a permanent on-prem device.
Cody Arnold
+1, this would be nice to have.