RECIPE

Log Aggregation

Centralize structured event streams from every Meridian-protected process into a single queryable pipeline. Ship logs to your SIEM, object store, or local collector without touching the loader.

Overview

Meridian emits JSON-line events for license checks, integrity faults, debugger detections, and heartbeat pings. The aggregation recipe wires these events into a unified stream so your SOC or analytics stack can consume them in real time.

Transport Options

UDP Fire-and-Forget

Minimal latency. Best-effort delivery to a local collector on a trusted segment.

Unix Domain Socket

Reliable, in-order delivery to a sidecar process on the same host.

Named Pipe

Windows-native IPC. Works with any collector that speaks named-pipe streams.

HTTP Batch

Periodic flush to an HTTPS endpoint with HMAC-signed payloads.

Event Schema

{
  "ts": "2026-05-26T14:31:02.441Z",
  "pid": 8840,
  "event": "integrity_fault",
  "detail": { "section": ".text", "hash_mismatch": true },
  "session": "d4e5f6a7-b8c9-..."
}

Every event carries a monotonic timestamp, process ID, event type, and a session UUID that survives license refresh.

Quick Start

  1. Choose a transport and spin up a collector (Vector, Fluent Bit, or the Meridian sidecar).
  2. Set the MERIDIAN_LOG_TRANSPORT environment variable.
  3. Point the loader at your collector endpoint via the license payload config block.
  4. Verify events land in your SIEM or dashboard within the configured flush interval.

Need the sidecar collector binary or a pre-built Vector config?

Browse Docs