Graylog 2.4.3 - Problem with GELF Output

Hi there:

I’ve got 2 Graylog servers (let’s say graylog_1 and graylog_2) where graylog_1 has a standard syslog input (UDP). There’s a stream with a basic rule defined and then, over that stream, a GELF output forwarding messages to server graylog_2, which in turn has a GELF TCP input to receive forwarded messages from graylog_1. Maybe it is also worth mentioning that there’s a pipeline rule defined and applied to the stream to “re-format” messages.

Everything works as expected.

The issue comes when I shut down server graylog_2. From that moment on, no messages are displayed in graylog_1 anymore. Furthermore, even after bringing graylog_2 back online, the problem doesn’t go away. The only workaround to get everything working again is to restart graylog_1 too.

This seems a bit weird to me. Has anyone come across a similar problem before?

Thanks!

Juan.

Please open a bug report for that:

I know the technical reason for that behavior, but that is nothing you can solve.

Output management is done serially, and messages are only deleted when they are successfully delivered to the targets. If you use the output via TCP, the connection and the transfer need to be successful. So in the situation you described, it would have resolved itself after some time.

But that is a bug - maybe you just need to upvote a given issue.
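The behaviour described in the reply above can be illustrated with a simplified model. This is an added example, not part of the thread and not Graylog's code: the `Output` class, `drain`, `simulate`, the order of the outputs, and the "local storage" output standing in for whatever makes messages visible on graylog_1 are all assumptions made for illustration.

```python
from collections import deque


class Output:
    """Hypothetical output; `reachable` stands in for the TCP connection state."""

    def __init__(self, name, reachable=True):
        self.name = name
        self.reachable = reachable
        self.delivered = []

    def write(self, message):
        if not self.reachable:
            raise ConnectionError(f"{self.name}: target unreachable")
        self.delivered.append(message)


def drain(buffer, outputs, max_rounds):
    """Serve the outputs one after another for the message at the buffer head.

    The message is removed only after every output accepted it, so a single
    failing output keeps it, and everything queued behind it, in the buffer.
    Returns the number of messages removed.
    """
    removed = 0
    for _ in range(max_rounds):
        if not buffer:
            break
        message = buffer[0]
        try:
            for out in outputs:
                if message not in out.delivered:  # skip outputs already served
                    out.write(message)
        except ConnectionError:
            continue  # head message stays in place; retry on the next round
        buffer.popleft()
        removed += 1
    return removed


def simulate():
    """Constructed scenario: graylog_2 is down for the first drain, then returns."""
    gelf = Output("gelf-tcp -> graylog_2", reachable=False)
    local = Output("local storage on graylog_1")  # assumed to be served second
    buffer = deque(f"syslog message {i}" for i in range(5))  # constructed input
    stalled = drain(buffer, [gelf, local], max_rounds=20)
    backlog, seen_locally = len(buffer), len(local.delivered)
    gelf.reachable = True
    recovered = drain(buffer, [gelf, local], max_rounds=20)
    return stalled, backlog, seen_locally, recovered, len(buffer)
```

In this model nothing reaches the local output while the GELF target is unreachable, and the backlog drains once the target accepts connections again.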
