Graylog Nginx Load Balancer Conf

Graylog Version = graylog:2.3.0
Mongo Version = mongo:3.6
Elasticsearch Version = elasticsearch:6.6.1

  • We created the above graylog production setup. Elasticsearch and Graylog clusters are working fine.

  • If we push any logs to individual graylog server then it’s receiving well.

  • The problem we are facing in the nginx conf. We are trying to send logs through nginx load balancer. Our configuration is given below.

upstream graylog_server {
server 190.10.0.41:9000 fail_timeout=30s;
server 190.10.0.42:9000 fail_timeout=30s;
server 190.10.0.43:9000 fail_timeout=30s;
}

server {
listen *:80;
server_name graylog.company.info;
client_max_body_size 0;
keepalive_timeout 5;

access_log /usr/local/openresty/nginx/tmp/logs/access-$host.log combined;
error_log /usr/local/openresty/nginx/tmp/logs/access-error-graylog.log;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

if (!-f $request_filename) {
    proxy_pass http://graylog_server;
    break;
}

}
}

Graylog 2.x doesn’t support Elasticsearch 6.x.

Please refer to the system requirements listed in the documentation:
http://docs.graylog.org/en/2.4/pages/installation.html#system-requirements

The documentation is not explicitly mentioning that 2.3 graylog will not support elastic 6.6 version. The setup is working for us. The question is how to setup the nginx as a load balancer which can redirect our application sending logs over UDP port via Nginx. Has anyone done such a setup? Or should we use a different loadbalancer?

Yes, because Elasticsearch 6.x wasn’t released when Graylog 2.3.x was released. :wink:

It’s explicitly mentioned in the system requirements of Graylog 2.4.x (which is the latest stable version of Graylog which you should use for a new setup).

For UDP forward put this outside the http {} config section

stream{
    tcp_nodelay on;
    upstream graylog_2010 {
        server SERVER1:2010;
        server SERVER2:2010;
    }

    server {
#TCP if you need
        listen 2010;
        proxy_pass graylog_2010;
    }

    server {
        listen 2010 udp;
        proxy_pass graylog_2010;
#do not wait for response
        proxy_responses 0;
    }

}

Nginx throws an error!

invalid parameter “udp”

where do you put the stream{} section?

If you share your config maybe someone will see the error…

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.