Hi all, I’m sorry if these are super basic, but this is my first step into the world of logging. We run a WiFi system on a holiday park and are having some issues which, although the wireless access points are capturing on their internal storage, they’re being overwritten before we can get to them. My plan is as follows, but I’d like to know if this is possible.
I’d like to build a cloud-based Graylog server using Graylog Open on Ubuntu Server running in a cloud environment such as DigitalOcean or Vultr.
I’d like to capture logs from multiple wireless access points on multiple parks and send everything to my new cloud graylog server.
My questions are: 1) Is it possible to send syslog data to a cloud server as well as to a local syslog server? 2) Will logs be sent in clear text or will I have any options to send encrypted? 3) Would each wireless access point have to send to a different port or will the Graylog server be able to receive data from multiple devices on the same port and be able to filter the source itself?
Hey, nice that you have found your way into the Graylog Community. A cloud is also just someone else’s computer. So you can take the usual approach. Encrypted communication is always possible with the help of TLS. But keep in mind that TCP TLS can cause a lot of traffic (3-way handshake, …). The readability of the logs depends on the devices used. You may have to build an extractor yourself to see what you want.
It is cheaper to host it yourself. For me personally, 1TB is enough for 1,280,000,000 logs, which corresponds to about 16 days for me. But I also have a larger logging infrastructure. A server for this environment would undercut the price of cloud rental.
So will logs be sent in clear text or will I have any options to send encrypted? Also, would each wireless access point have to send to a different port or will the Graylog server be able to receive data from multiple devices on the same port and be able to filter the source itself?
Whether they can be encrypted will depend on the sending device. Graylog supports encrypted traffic, but the devices may not.
Everything can come in on the same port; Graylog will know they are coming from different devices.
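
An added illustration of the point in the last reply (not part of the thread and not Graylog's code): one listener receives every device's messages on the same port and separates them by the hostname field in the syslog header, falling back to the sender address when no header is present. The RFC 3164 message format, hostnames and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# RFC 3164 (BSD syslog) header: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.DOTALL)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_datagram(peer_ip, payload):
    """Parse one syslog datagram; fall back to the peer address as source."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n")
    m = RFC3164.match(text)
    if not m or int(m["pri"]) > 191:
        # Header missing or malformed: the sender address is all we have.
        return {"source": peer_ip, "peer": peer_ip, "facility": None,
                "severity": None, "message": text}
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    return {"source": m["host"], "peer": peer_ip, "facility": pri >> 3,
            "severity": SEVERITIES[pri & 7], "message": m["msg"]}


def group_by_source(datagrams):
    """Group messages arriving on one listener by the device that sent them."""
    streams = defaultdict(list)
    for peer_ip, payload in datagrams:
        rec = parse_datagram(peer_ip, payload)
        streams[rec["source"]].append(rec)
    return dict(streams)


# Constructed sample of what a single listener might receive. Two APs at one
# park share a NAT address (203.0.113.10); the last device sends no header.
SAMPLE = [
    ("203.0.113.10", b"<134>Jun  3 10:15:02 ap-park1-01 hostapd: wlan0: STA associated"),
    ("203.0.113.10", b"<131>Jun  3 10:15:04 ap-park1-02 kernel: wlan0: deauthenticated"),
    ("198.51.100.7", b"<134>Jun  3 10:15:05 ap-park2-01 hostapd: wlan0: STA associated"),
    ("198.51.100.9", b"link up on eth0"),
]


if __name__ == "__main__":
    for source, records in group_by_source(SAMPLE).items():
        for r in records:
            print(source, r["peer"], r["severity"], r["message"])
```

Devices behind the same NAT address reach a cloud listener with one sender IP, so in this sketch it is the hostname in the header that keeps them apart.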