Graylog 2 Relay/Proxy


(Greg Smith) #1

Hello,
Does anyone use a proxy or relay for there Graylog Server/s?

Example:
In Germany there are nodes that are sending log/s to Graylog Cluster in that LAN,also in the USA there are nodes that are sending log/s to Graylog Cluster in that LAN. This is the same company. I was wondering if anyone has an idea of sending logs from Germany by some type of proxy to the USA destination? Or what kind of setup should I use for a situation like this?

Any help would be much appreciated.
Thank you


#2

Generally VPNs are considered in such situations. But if you insist on sending raw logs through internet, you can just forward needed ports on your router, like you do it for any other server. In this case it’s strongly recommended to encrypt your logs, by using a protocol that supports encryption, like gelf or beats


(Greg Smith) #3

maniel,
I was thinking of the same setup . I was just curious is there was something out there made just for Graylog (aka Graylog-Proxy) that would send a single steam of data (i.e. encrypted) from point A to Point B.
Thank you for your reply


(Jan Doberstein) #4

Why not use a queue like amqp for messages from remote locations?


(Greg Smith) #5

jan,
After researching AMQP, I found RabbitMQ.
Perhaps this might be my relay system I’m looking for.
It states that RabbitMQ is a message broker: it accepts and forwards messages.
I’m going to test this in a lab environment. Then connect multiple nodes sending syslogs messages to RabbitMQ and see if it will forward it to my Graylog2 Cluster. I perfer using Graylog to monitor and store my syslogs just need a application to collect and send to my graylog cluster.
Thank you


(Jan Doberstein) #6

Hej Greg,

you might want to read here: at the marketplace to get some inspiration.

If you like to test first with some RabbitMQ - look at cloudamqp you can spin up some limited queues for test …


(Greg Smith) #7

jan,
Thank you, this is great…


(Greg Smith) #8

jan,
Using rabbitMQ works great, thanks for the tip. Much appreciated