I have been handed over a Graylog server which has no backups set up and would like to do a daily/weekly backup to another server.
I am mainly interested in the configurations, dashboards, pipelines/rules, extractors… rather than the data itself, but having a full backup would also help. Basically, what I need to make sure is in case of failure I can just build a new server and restore the old server’s data on to it without having to reconfigure anything or create dashboards, etc. again.
A Graylog system works with 3 components.
You should back up each one.
Generally - back up each config file.
MongoDB - contains the Graylog settings; you can back it up with mongodump
Elasticsearch - contains the logs - you can check elastic snapshots or elasticdump
Graylog - You need the config file only.
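
The configuration-only part of the backup described in the answer above, written as a script that cron can call with the argument `run` (added example, not from the original posts). The paths, the database name `graylog`, the remote target and the retention count are assumptions to adjust; Elasticsearch log data is not covered.

```shell
#!/bin/sh
# Added example: Graylog configuration backup (MongoDB dump + server.conf).
# All values below are assumptions; override them via the environment.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/graylog}"
GRAYLOG_CONF="${GRAYLOG_CONF:-/etc/graylog/server/server.conf}"
MONGO_DB="${MONGO_DB:-graylog}"
REMOTE="${REMOTE:-backup@backuphost.example:/srv/graylog-backups/}"  # hypothetical target
KEEP="${KEEP:-14}"   # number of local archives to retain

# Keep only the $2 newest graylog-*.tar.gz archives in directory $1.
# Archive names embed a sortable timestamp, so reverse name order is newest first.
prune_old_backups() {
    dir=$1; keep=$2
    ls -1 "$dir"/graylog-*.tar.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
    while IFS= read -r old; do rm -f -- "$old"; done
}

backup_graylog() {
    stamp=$(date +%Y%m%d-%H%M%S)
    work=$(mktemp -d) || return 1
    # server.conf holds password_secret and root_password_sha2:
    # keep the staging files and the archive readable by the owner only.
    umask 077
    mkdir -p "$BACKUP_DIR" &&
    mongodump --db "$MONGO_DB" --gzip --archive="$work/mongodb.archive.gz" &&
    cp "$GRAYLOG_CONF" "$work/server.conf" &&
    tar -czf "$BACKUP_DIR/graylog-$stamp.tar.gz" -C "$work" . &&
    rsync -a "$BACKUP_DIR/" "$REMOTE"
    rc=$?
    rm -rf "$work"
    # Prune only after a successful run, so a failing job never eats old backups.
    [ "$rc" -eq 0 ] && prune_old_backups "$BACKUP_DIR" "$KEEP"
    return "$rc"
}

# Run the backup only when asked to, e.g. from cron: graylog-backup.sh run
if [ "${1:-}" = "run" ]; then
    backup_graylog
fi
```

Because the archive contains the Graylog secrets, the account and directory on the receiving server need the same access restrictions as the Graylog host itself.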
I imagine that with your setup (13TB a month) you’re not going for anything special in the Elastic backups, are you? Our logs are much, much smaller so we’re basically grabbing snapshots of our VMs from time to time, relying upon Elastic’s replication for actual higher availability of the data.