Graylog Nginx Load Balancer Conf


(Mohammed Nayeem) #1

Graylog Version = graylog:2.3.0
Mongo Version = mongo:3.6
Elasticsearch Version = elasticsearch:6.6.1

  • We created the above graylog production setup. Elasticsearch and Graylog clusters are working fine.

  • If we push any logs to individual graylog server then it’s receiving well.

  • The problem we are facing in the nginx conf. We are trying to send logs through nginx load balancer. Our configuration is given below.

upstream graylog_server {
server 190.10.0.41:9000 fail_timeout=30s;
server 190.10.0.42:9000 fail_timeout=30s;
server 190.10.0.43:9000 fail_timeout=30s;
}

server {
listen *:80;
server_name graylog.company.info;
client_max_body_size 0;
keepalive_timeout 5;

access_log /usr/local/openresty/nginx/tmp/logs/access-$host.log combined;
error_log /usr/local/openresty/nginx/tmp/logs/access-error-graylog.log;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

if (!-f $request_filename) {
    proxy_pass http://graylog_server;
    break;
}

}
}


(Jochen) #2

Graylog 2.x doesn’t support Elasticsearch 6.x.

Please refer to the system requirements listed in the documentation:
http://docs.graylog.org/en/2.4/pages/installation.html#system-requirements


(Mohammed Nayeem) #3

The documentation is not explicitly mentioning that 2.3 graylog will not support elastic 6.6 version. The setup is working for us. The question is how to setup the nginx as a load balancer which can redirect our application sending logs over UDP port via Nginx. Has anyone done such a setup? Or should we use a different loadbalancer?


(Jochen) #4

Yes, because Elasticsearch 6.x wasn’t released when Graylog 2.3.x was released. :wink:

It’s explicitly mentioned in the system requirements of Graylog 2.4.x (which is the latest stable version of Graylog which you should use for a new setup).


#5

For UDP forward put this outside the http {} config section

stream{
    tcp_nodelay on;
    upstream graylog_2010 {
        server SERVER1:2010;
        server SERVER2:2010;
    }

    server {
#TCP if you need
        listen 2010;
        proxy_pass graylog_2010;
    }

    server {
        listen 2010 udp;
        proxy_pass graylog_2010;
#do not wait for response
        proxy_responses 0;
    }

}


(Mohammed Nayeem) #6

Nginx throws an error!

invalid parameter “udp”


#7

where do you put the stream{} section?

If you share your config maybe someone will see the error…


(system) #9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.