Is the GELF data stream encrypted? Probably 95% of the reason we even use fluentd/elastic/graylog is to meet the requirement to encrypt the data over the wire. I pretty much do all the filtering and extraction in fluentd on the secure_senders. I think pretty much any government or corporate entity these days has a requirement to encrypt everything over the wire. So I'm a little confused why encryption always seems to be an afterthought or an optional add-on. Even Splunk does a lousy job handling encryption.
On Thursday, November 13, 2014 3:23:19 AM UTC-8, Jochen Schalanda wrote:
> Hi Mark,
>
> I think the easiest setup for your requirements would be to forward the messages processed by the locked down Graylog2 server to the "user-facing" Graylog2 server via the GELF output. This way you could filter messages or run extractors in exactly one place and just forward the final messages to the instance users can run searches on.
>
> If you were sending the log messages to both Graylog2 instances directly, you would need to set up filters and extractors on both of them and keep them in sync.
>
> Cheers,
> Jochen
>
> On Wednesday, November 12, 2014 22:06:48 UTC+1, Mark Moorcroft wrote:
>> Question for the room:
>>
>> If I have a need to provide a LOCKED down graylog server for compliance, and a second one that someone can actually use to do searches and monitor our systems, is it considered a best practice to mirror the outputs from all of the systems to two nearly identical VMs? We currently use fluentd to push the logs. Or is it better to have one graylog server push (rebroadcast) all of its data to a second one? This is not for failover, but mostly because the current graylog authentication setup so severely limits what a "read only" user can do unless someone sets up Streams, which I'm virtually certain nobody here will take the time to do. I hope this isn't an RTFM situation. If so I apologize in advance. It doesn't appear to me that Radio has anything to do with this need.