Centralized independent architecture

Hello Graylog Community.

I’m planning a new Graylog architecture.

Our needs are to log on premises from the source and to be able to query them locally and on a central node.

A setup like that is needed because, in any moment, we have to be able to disconnect and isolate any node from one another, keeping the ability to access to the local client browser.

The local nodes should be 3, this an example:

What do you suggest?

Hello @soc && Welcome

Are all these DC’s in the same DMZ or are they separate?

  • If there in the same DMZ then one Graylog node would be good.
  • If they are in different DMZ’ you could place a graylog server in each DMZ and forward the log/s to a central Graylog server.

Basically and loosely speaking, turn Graylog server/s into proxy’s and forwarding the log/s to one Graylog server for monitoring.