Had a quick search but couldn’t see posts directly related.
Cluster is setup as follows:
- Graylog nodes x3 (Nginx configured on each for web interface)
- Mongodb replica (x3 nodes)
- Elasticsearch x3 nodes
*9 EC2 instances total.
LB sits in front of the 3 Graylog servers.
The problems I am facing are, if I push logs through the ELB on e.g. port 12202 the following happens:
- I have to add port 12202 (TCP) as a listener on the ELB. There is no option for UDP as a listener so presumably UDP won’t work?
- If I look at the sources in Graylog they show as the internal IP addresses of the Load Balancer and not the original message source
- If I look at the actual message received it comes through as the following:
Is the AWS LB not fit for purpose for Graylog?
I tested pushing the logs direct to the external IP of 1 of the Graylog servers which worked well but obviously this defeats the purpose of have a cluster of 3 behind a Load Balancer.
Can anyone help?