I am in the process of setting up a logserver for our project and Graylog seems to be a great solution for us…
We have three environments (DEV, QA and PROD) which I want to analyze using Graylog.
These (AWS) environments are completely isolated from each other.
My question would be:
Option 1: Should I set up one central Graylog server somewhere and expose at least the API port to the Internet so that the three environments can send their log data there?
Option 2: Set up a completely separate Graylog instance in each environment, eliminating the need to expose anything to the Internet, as everything would be done internally inside each environment.
If Option 1 would be the better one: Can (and how?) I easily separate all the logs/analyses by environment (DEV, QA, PROD) in the Graylog UI? So that I have three different “tenants” in the one server?
If the servers of (DEV, QA, PROD) are in a local datacenter or in the cloud, your answers to questions 1 & 2 are correct. With the help of the stream/pipeline modules you can completely separate the logs of the three parts for the related teams.
Hello Bahram,
thanks for your reply!
But if I read that correctly, Graylog is not really “tenant”-capable, but I have to use some trick to really have the data separated, right?
Perhaps I will go with three different Graylog servers for the beginning… Or did I miss something?
Thanks so much!
You can have a central server for all (DEV, QA, PROD) or an independent server for each one.
Anyway, you are not missing anything.
This scenario depends completely on the network topology and the number of messages received per second.
Currently we have two clusters running, where one is dedicated to production and the other to non-production environments, since we want full segregation of the production environment.
Also, it can give us some flexibility and let us learn possible lessons when an upgrade or change goes wrong on the non-PRD Graylog cluster. So, I would strongly advise segregating, or at least having a dedicated cluster for production.