Grey Matter Sidecar

The Grey Matter Sidecar is a L7 reverse proxy based off of the popular Open-Source Envoy Proxy. Grey Matter's proxy enhances the base capabilities with custom filters, logic, and the ability for developers to write full-featured Envoy filters in Go.

Fabric Mesh

The primary use of the Grey Matter Sidecar is to act as the distributed network of proxies in the Grey Matter Fabric service mesh. In this use-case; each proxy starts out with very simple configuration, which is then modified by the control plane to suit the changing needs of the network. The documentation here is focused on the individual proxy itself; low-level configuration, filter specifications, etc.

How does event auditing work?

Individual Service

At the level of the individual service, event auditing works as follows:

  1. One proxy collects all metrics that happen on the individual service.

  2. At the Edge, they extract the PKI/cert.

  3. The user that has accessed the service from outside Fabric is then decomposed based on one of the observable fields emitted by the Sidecar proxy.

  4. This information, coupled with IP address information from the originating request, is added to the stack of the xForwardedForIp information.


At the service-to-service level, the sidecar tracks service-to-service calls within Fabric. This enables architecture inference and service dependency observation.

Observable Indexer

Grey Matter also has an observable indexer which can capture geolocation info and move it into Elasticsearch. Customizable event mappings are also available. These can be tailored per individual route so that a POST request may result in an EventAccess event in one route, while resulting in EventCreate on another.

Note: payload can be delivered via Kafka or a log file. Beyond Kafka, Grey Matter can also support SS2 and direct logging. Kafka emits back out to Elasticsearch through the Audit Proxy Observable Consumer.


Have a question about the Grey Matter Sidecar? Reach out to us at to learn more.