We created the above Graylog production setup. The Elasticsearch and Graylog clusters are working fine.
If we push any logs to an individual Graylog server, it receives them fine.
The problem we are facing is in the nginx conf. We are trying to send logs through an nginx load balancer. Our configuration is given below.
upstream graylog_server {
    server 190.10.0.41:9000 fail_timeout=30s;
    server 190.10.0.42:9000 fail_timeout=30s;
    server 190.10.0.43:9000 fail_timeout=30s;
}
server {
    listen *:80;
    server_name graylog.company.info;
    client_max_body_size 0;
    keepalive_timeout 5;
The documentation does not explicitly mention that Graylog 2.3 will not support Elastic version 6.6. The setup is working for us. The question is how to set up nginx as a load balancer that can redirect the logs our application sends over a UDP port via nginx. Has anyone done such a setup? Or should we use a different load balancer?
Yes, because Elasticsearch 6.x wasn’t released when Graylog 2.3.x was released.
It’s explicitly mentioned in the system requirements of Graylog 2.4.x (which is the latest stable version of Graylog which you should use for a new setup).
For UDP forwarding, put this outside the http {} config section:
stream {
    tcp_nodelay on;
    upstream graylog_2010 {
        server SERVER1:2010;
        server SERVER2:2010;
    }
    server {
        # TCP, if you need it
        listen 2010;
        proxy_pass graylog_2010;
    }
    server {
        listen 2010 udp;
        proxy_pass graylog_2010;
        # do not wait for a response
        proxy_responses 0;
    }
}
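
A loopback delivery check for the fire-and-forget UDP forwarding in the answer above, added here as an example and not code from the thread, nginx or Graylog. The `forwarder` function is a simplified stand-in for the UDP `server` block (it does not reproduce nginx's session handling), the backends are local sockets in place of Graylog inputs, and all function names and probe markers are constructed.

```python
import itertools, socket, threading, time, uuid

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # loopback, ephemeral port
    return s

def backend(sock, seen):
    # Stand-in for one Graylog UDP input: record payload and sender address.
    while True:
        data, addr = sock.recvfrom(65535)
        seen.append((data.decode(), addr))

def forwarder(front, targets):
    # Simplified stand-in for the UDP server block: relay each datagram to the
    # next target in turn and never wait for a reply (like proxy_responses 0).
    out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for i in itertools.count():
        data, _ = front.recvfrom(65535)
        out.sendto(data, targets[i % len(targets)])

def run_check(n_backends=2, n_msgs=10, wait=2.0):
    socks = [udp_socket() for _ in range(n_backends)]
    seen = [[] for _ in socks]
    front, client = udp_socket(), udp_socket()
    jobs = [(backend, (s, log)) for s, log in zip(socks, seen)]
    jobs.append((forwarder, (front, [s.getsockname() for s in socks])))
    for fn, args in jobs:
        threading.Thread(target=fn, args=args, daemon=True).start()
    sent = [f"probe-{uuid.uuid4()}" for _ in range(n_msgs)]  # constructed markers
    for marker in sent:
        client.sendto(marker.encode(), front.getsockname())
    # UDP gives no acknowledgement, so poll until everything arrived or we time out.
    deadline = time.monotonic() + wait
    while sum(map(len, seen)) < n_msgs and time.monotonic() < deadline:
        time.sleep(0.01)
    got = {payload for log in seen for payload, _ in log}
    senders = {addr for log in seen for _, addr in log}
    return {
        "missing": set(sent) - got,  # markers that never reached any backend
        "per_backend": [len(log) for log in seen],
        "client_addr_seen": client.getsockname() in senders,
    }

if __name__ == "__main__":
    print(run_check())
```

Because nothing is acknowledged, `missing` is the only evidence of loss. `client_addr_seen` being false shows that the backends record the relay's address rather than the original sender's.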