I'm currently in the process of altering my current graylog2 installation with the coming of v0.20 and I'm looking into a backup strategy.
Right now I have something like: devices -> rsyslog -> logstash -> graylog2 -> elasticsearch. I use rsyslog to receive the logs and write them to file; logstash reads them and sends them to graylog2. I mainly use rsyslog for the ease of archiving the original log files in a compressed format to save space. I'm thinking of removing rsyslog and receiving the logs directly in logstash. This could help some in improving performance since I'm not writing and reading from disk in the first step, but I need a way to store the logs for long-term archival, and leaving the elasticsearch indexes closed uncompressed would take a lot of space. So I'm asking what would be a good alternative to what I have now.
