AWS Load Balancer

Had a quick search but couldn’t see posts directly related.

Cluster is set up as follows:

  1. Graylog nodes x3 (Nginx configured on each for web interface)
  2. MongoDB replica (x3 nodes)
  3. Elasticsearch x3 nodes

*9 EC2 instances total.

LB sits in front of the 3 Graylog servers.

The problems I am facing are, if I push logs through the ELB on e.g. port 12202 the following happens:

  1. I have to add port 12202 (TCP) as a listener on the ELB. There is no option for UDP as a listener so presumably UDP won’t work?
  2. If I look at the sources in Graylog they show as the internal IP addresses of the Load Balancer and not the original message source
  3. If I look at the actual message received it comes through as the following:

��Y]��%��P�<�3a�5L}�P���9�n(���D��,�+�$�#�

Is the AWS LB not fit for purpose for Graylog?

I tested pushing the logs direct to the external IP of 1 of the Graylog servers which worked well but obviously this defeats the purpose of having a cluster of 3 behind a Load Balancer.

Can anyone help?

Thanks, Matt

Correct. AWS Elastic Load Balancer doesn’t support UDP. If you want to use that, you’ll have to use another software load balancer such as nginx.

Yes, unless the original host is part of the message payload and can be used in the “source” field.

What type of input(s) are you using and how are your clients sending messages to Graylog?

That depends on your use cases and requirements. It’s certainly not the best fit if you want to use UDP-based inputs.
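
The point above about carrying the original host in the message payload, as an added example that is not part of the thread. It assumes a GELF TCP input (the thread does not say which input type is in use), where each frame is a JSON object with a `host` field terminated by a null byte; the function names, host names and load balancer address are constructed for illustration.

```python
import json

LB_IP = "10.0.1.17"  # constructed: internal load balancer address seen as the TCP peer


def gelf_frame(short_message, host):
    """Build one GELF 1.1 TCP frame: JSON carrying the sender's own host, null-terminated."""
    record = {"version": "1.1", "host": host, "short_message": short_message}
    return json.dumps(record).encode("utf-8") + b"\x00"


def split_frames(buffer):
    """Split a TCP byte stream into complete frames plus the unfinished remainder."""
    *complete, rest = buffer.split(b"\x00")
    return complete, rest


def resolve_source(frame, peer_ip):
    """Prefer the host named in the payload; fall back to the TCP peer (the LB)."""
    try:
        record = json.loads(frame.decode("utf-8"))
    except ValueError:  # covers invalid UTF-8 and invalid JSON
        return peer_ip
    if isinstance(record, dict):
        host = record.get("host")
        if isinstance(host, str) and host.strip():
            return host
    return peer_ip


def demo():
    # Constructed stream as it would arrive through the load balancer:
    # two well-formed frames, one without "host", one non-JSON frame,
    # and a partial frame still waiting for its terminator.
    stream = (
        gelf_frame("login failed", "web-01")
        + gelf_frame("disk full", "db-02")
        + b'{"version":"1.1","short_message":"no host"}\x00'
        + b"\xff\xfe binary\x00"
        + b'{"version"'
    )
    frames, rest = split_frames(stream)
    return [resolve_source(f, LB_IP) for f in frames], rest


if __name__ == "__main__":
    sources, pending = demo()
    print(sources, pending)
```

Frames that do not carry a usable `host` can only be attributed to the load balancer address, which is the behaviour described in the question.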
