Trying to set up a graylog cluster on AWS to use for all my logging, but I'm having trouble getting it to work - surely lots of people have this problem but I can't find any docs/forum posts about it!
The documentation has bits that talk about various things, and the graylog-ctl should help a lot, but it clearly misses out all sorts of important areas that need sorting! Can anyone help?

What I've got is:

graylog-web - a web-interface server
graylog-a - a "server", pointed to -b as the "master"
graylog-b - a "server" as well - the master, and the original server
graylog-data-a - a "datanode"
graylog-data-b - a "datanode"

Problems are as follows:

- There's no apparent way to know what's happening with the elasticsearch cluster, except looking at the /system/indices bit. This is OK so long as it's green, but otherwise how are you to know where a problem lies? It seems for example that if I start data-a before data-b, then they don't connect as a cluster and it goes yellow with 6 shards active and 6 unassigned. Restarting data-a then fixes the problem, but it seems that one of them is a master and needs to start first or something?

- It was all working OK with just one server node, but then I added a second node (in this case, graylog-a). This screwed everything up, basically. I simply created a new instance, ran the sudo graylog-ctl set-cluster-master x.y.z command, then reconfigure-as-server, and all should have been well you'd think. I realised that although it configures to talk to mongodb on the master server, mongo isn't actually clustered between the servers, so I think there's still a single point of failure here? I added the relevant port to the firewall and initially all was well, but I assume that if graylog-b (the master) goes down, then the whole thing will. Shouldn't the graylog-ctl command handle setting up mongo as a cluster as well, or is it not that easy?

- I then wanted to change the way the indices are set up, so I ran the sudo graylog-ctl set-retention --size=5 --indices=15 command on the master node, but it's not really clear whether this needs to be run there, or on the elasticsearch node(s), or everything? I think the config is stored in mongo, but then it's also in the .conf files?? So I ran it on the second server node, and the whole thing exploded. I got some weird error trying to log in, which I think was caused by the graylog.conf file having different root_user names set between the two servers (this is clearly not copied when you do the cluster-master bit at the start). Having fixed that it then still wouldn't load, but a restart of everything seems to have brought it back together.

Argh! All quite complex and would be helpful to have a guide that just explained how it might work and what commands to run on what machine/what you need to do manually.

In short, it's a nice idea to have the clustering set up using the tools, but it's so hard to know what's going on and there's so little actual documentation, it's a bit useless at the moment - yet could be so good no doubt quite easily!

Thanks,
Pete
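
An added example, not part of the original post: a check for the configuration drift described above, where graylog.conf on two server nodes ended up with different root user names. The list of keys that must match and the sample file contents are assumptions made for illustration; the secrets are placeholders.

```python
# Added example: constructed configs, not taken from the original post.
# Assumption: these keys must be identical on every Graylog server node.
MUST_MATCH = ("password_secret", "root_username", "root_password_sha2")

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def check_cluster(nodes):
    """nodes maps node name -> graylog.conf text; returns a list of findings."""
    parsed = {name: parse_conf(text) for name, text in nodes.items()}
    findings = []
    for key in MUST_MATCH:
        if len({conf.get(key) for conf in parsed.values()}) > 1:
            # Name the drifting key only; never echo secret values into output.
            findings.append(f"{key} differs between {sorted(parsed)}")
    # Assumes is_master is set explicitly in every file.
    masters = sorted(n for n, c in parsed.items()
                     if c.get("is_master", "").lower() == "true")
    if len(masters) != 1:
        findings.append(f"expected exactly one master, found {masters}")
    return findings

# Constructed sample files; secrets are placeholders.
GRAYLOG_B = """\
is_master = true
password_secret = PLACEHOLDER_SECRET
root_username = admin
root_password_sha2 = PLACEHOLDER_SHA256
"""
GRAYLOG_A = """\
# second server node, joined with set-cluster-master
is_master = false
password_secret = PLACEHOLDER_SECRET
root_username = root
root_password_sha2 = PLACEHOLDER_SHA256
"""

if __name__ == "__main__":
    for finding in check_cluster({"graylog-a": GRAYLOG_A, "graylog-b": GRAYLOG_B}):
        print(finding)
```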
