I just have a general question about the log files which are stored in Graylog/Elasticsearch under /var/log/graylog.
Is it possible to outsource them? For example, on a NAS. Or is it not designed to outsource the logs itself again, since Graylog is a centralized logging server? I’m just asking because we have a NAS which isn’t used by anyone and it would save us some space on the VMware cluster.
I’m working on the OVA by the way.
I tried the following, but without success:
- Stopped the Graylog services via the graylog-ctl script
- Made a copy of the directory /var/log/graylog with cp -a
- Deleted all files in /var/log/graylog
- Mounted my NAS SMB share with RW permissions in /var/log/graylog
- Copied all existing files from the backup folder to the mountpoint
- Started the Graylog services via the graylog-ctl script
The services started without an error, but when I logged in on the web interface I got the following error in the search tab and also the notification that the Elasticsearch cluster is not available.
blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];: cannot GET https://IP-ADDRESS/api/search/universal/relative?query=*&range=300&limit=150&sort=timestamp%3Adesc (500)
Search status code:
Thank you in advance!