Hello all,

Currently running on latest 1.3.x, I have to somehow forward all log events to a proprietary SIEM, preferably unaltered, so that the receiving end can apply its own filters and patterns. My current architecture is much like the one shown in the Graylog doc (prod), including a pair of HAProxy, going down to the graylog-servers.

I am guessing I have 2 options:

1. Put a pair of Logstash (or similar) between the HAProxy and the graylog-server. The LS would split the traffic before it reaches the graylog-server: 1 flow would go straight to the proprietary SIEM, the other flow would continue on to the graylog-server.
2. Let the messages come down to a stream, catch all of them, and output them to the SIEM using a (probably) custom output.

I am actually wondering about option 2.

- How does a stream scale? Do we have some benchmarks available?
- Since we need to catch everything, would that even be the right option?

Any other ideas?

Thank you!
fred

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3de18533-bd40-4791-9adc-c45461954b59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
