QUESTION

How to install and configure the Panther Log Forwarder

ANSWER

The Panther Log Forwarder is a lightweight agent for forwarding logs from on-premises file and syslog sources to Panther. It runs on Linux hosts with systemd and is available starting from Panther version 1.121 (open Beta, no feature flag required).

Output methods

• Log Forwarder source (recommended) — create this source type in Configure > Log Sources in the Panther Console. The setup wizard auto-provisions infrastructure and generates a ready-to-use agent config.

• Custom S3 source (alternative) — use this if you prefer to retain raw logs in your own S3 bucket before Panther ingests them.

Installation and configuration

For full installation steps, configuration reference, and prerequisites, see the Panther Log Forwarder documentation.

Verifying ingestion

Once the agent is running, confirm logs are landing in Panther by:

1. Checking the health indicator on your Log Forwarder source under Configure > Log Sources

2. Running a search in Investigate > Search against your log schema for the relevant time window

Limitations

• Requires a Linux host with systemd. macOS and Windows are not supported.

• Currently in open Beta — feature availability may change between releases.