Question for the room: If I have a need to provide a LOCKED down graylog server for compliance, and second one that someone can actually use to do searches and monitor our systems. Is it considered a best practice to mirror the outputs from all of the systems to two nearly identical VM's? We currently use fluentd to push the logs. Or is it better to have one graylog server push (rebroadcast) all of it's data to a second one. This is not for failover, but mostly because the current graylog authentication setup so severely limits what a "read only" user can do unless someone sets up Streams, which I'm virtually certain nobody here will take the time to do. I hope this isn't an RTFM situation. If so I apologize in advance. It doesn't appear to me that Radio has anything to do with this need.
-- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
