Hi!
I did successfully setup my first production Graylog cluster (3x Graylog, 3x ES).
Everything is working fine, but I did not find a good solution to
→ I need a loadbalancer
First try: haproxy → not suited for UDP
Second try: nginx → can loadbalance UDP, but does not preserve the source. → RAW-UDP-inputs are showing nginx-IP as source
How do you distribute the load to your cluster-nodes?
Thank you for your help!
KPS
Hello,
I have seen most community members us Nginx.
As for load balancers, We have set Nginx in front of Graylog Web UI for that connection. As for Data/Metadata redundancy this would be configured within Elasticsearch or MongoDb.
I have used my enterprise firewall as a load balancer this would depended on how you configured you environment.
hope that helps
Hi!
I just found a solution to preserve the source IP:
NGINX:
upstream graylog_syslog11524 {
server graylog01:11524 max_fails=3 fail_timeout=30s;
server graylog02:11524 max_fails=3 fail_timeout=30s;
server graylog03:11524 max_fails=3 fail_timeout=30s;
}
server {
listen 11524 udp;
proxy_bind $remote_addr transparent;
proxy_pass graylog_syslog11524;
proxy_timeout 1s;
error_log /var/log/nginx/graylog_syslog_udp11524.log;
}
Nice 
Thanks for posting your resolution to this issue. If you could make it as resolved for future search that would be great.
Thank you, solution-mark is set.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.