Upgrade single node from 3.x to 4.0.5 without downtime

I have a single Graylog instance running in a production environment, which I need to upgrade to version 4.

I have a spare server but I cannot make a cluster because I do not have 3 servers in total.

The question then becomes how can I upgrade Graylog 3.x to 4.x (also upgrade Java but not Elasticsearch/Mongo) without losing logs?

It would be acceptable if I could queue up the logs somehow and process them when Graylog has been upgraded, but dropping logs is not acceptable.

Many thanks

I don’t think this is going to be possible. Without redundancy, I think you’re going to have to do downtime.

Perhaps your sources can queue until the Syslog is available?

Or send to another Syslog while you upgrade?

Thank you, Zach.



Thank you for your reply.

Suppose I want to use the spare server as a cache. What would I do? Set up syslog there… and…?

I’m a bit vague on the details (sorry, going through a migraine attack at the moment).

Let’s say I want to create a 30-minute buffer, so that I can buffer incoming logs for 30 minutes before I want to send them to Graylog.

Any ideas?

Many thanks

The Andy

Check to see if your sources support queueing, my guess is they don’t.

Spin up a very simple syslog server, probably something on Windows, that just puts the data into .txt files. Run your upgrade and import them into Graylog when done.

I don’t think any of this is a good idea and probably won’t work. I’m not sure you’ll be able to upgrade on a single node w/o downtime. This would be the case on any single node system, Graylog or otherwise.

If it’s that critical, it really needs to be multi-node/highly available.


What version of ES and MongoDB do you have? If you have the latest of ES 3.x and MongoDB 4.2 on your Graylog 3.x, the upgrade to version 4 should be very quick. I had ES 6.8 (latest) and MongoDB 4.2 with my Graylog 3.x and all I did was apply the new repo and install graylog-server 4. This took less than 2 minutes. There were logs in my journal that had to be processed from restarting my Graylog service, but that didn't take long, which all depends on your server setup.

If that's not feasible, judging from what you want to do, as @dickinsonzach suggested:

Create another Graylog server and point all your Graylog clients there, and when you're done adjust your client/s back. On your temporary Graylog server, send the stored logs back to your original Graylog server. This seems labor intensive to me, but it could work.
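
The spool-and-replay idea suggested in the replies above, as an added example that is not part of the original thread: a minimal Python UDP syslog spooler for the spare server, plus a throttled replay once the upgraded node is back. The port 5514, the file name and the JSON-lines spool format are assumptions, and sources that send syslog over TCP would need a different receiver.

```python
import json
import socket
import time

def append_record(fh, data, sender_ip):
    """Write one received datagram as a JSON line and flush it to disk."""
    rec = {"rx": time.time(), "src": sender_ip, "msg": data.decode("latin-1")}
    fh.write(json.dumps(rec) + "\n")
    fh.flush()

def read_records(path):
    """Yield (record, raw_bytes) in arrival order, skipping a torn final line."""
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            try:
                rec = json.loads(line)
            except json.JSONDecodeError:
                continue  # partial write, e.g. spooler killed mid-line
            yield rec, rec["msg"].encode("latin-1")  # latin-1 round-trips bytes

def spool(bind_addr, path):
    """Receive UDP syslog on bind_addr and append every datagram to path."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind_addr)
    with open(path, "a", encoding="utf-8") as fh:
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            append_record(fh, data, ip)

def replay(path, send, per_second=500):
    """Pass each spooled datagram to send(bytes), throttled; return the count."""
    count = 0
    for _rec, raw in read_records(path):
        send(raw)
        count += 1
        if count % per_second == 0:
            time.sleep(1)  # UDP has no backpressure; avoid flooding the input
    return count

def udp_sender(host, port):
    """Return a send(bytes) callable that targets a syslog UDP input."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda raw: sock.sendto(raw, (host, port))

if __name__ == "__main__":
    spool(("0.0.0.0", 5514), "syslog-spool.jsonl")  # port and file name assumed
```

Replayed datagrams arrive from the spool host, so the original sender address survives only in the spool file's `src` field.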
