Hi Jochen, OK sounds good to me then :-)

Cheers,
fred

On Monday, April 18, 2016 at 5:36:28 PM UTC+2, Jochen Schalanda wrote:
> Hi Fred,
>
>> - How does a stream scale? Do we have some benchmarks available?
>
> Streams are relatively lightweight, depending on the stream rules. In your
> case a simple check for the existence of the message or timestamp fields
> would be completely sufficient to catch all messages and that's a very
> cheap check. So if you're not operating your Graylog cluster at 100%
> utilization, creating that catch-all stream should be fine.
>
>> - Since we need to catch everything, would that even be the right option?
>
> That depends what you want to do with those messages additionally. It's
> clearly one viable option for what you've described in your first email.
>
> Cheers,
> Jochen
>
> On Sunday, 17 April 2016 20:33:42 UTC+2, Fred Blaise wrote:
>> Hello all,
>>
>> Currently running on latest 1.3.x, I have to somehow forward all logs
>> events to a proprietary SIEM, preferably unaltered, so that the receiving
>> end can apply its own filters and patterns.
>> My current architecture is much like the one shown in the graylog's doc
>> (prod), including a pair of HAproxy, going down to the graylog-servers.
>>
>> I am guessing I have 2 options:
>> 1. Put a pair of Logstash (or similar) between the HAproxy and the
>> graylog-server. The LS would split the traffic before it reaches the
>> graylog-server: 1 flow would go straight to the proprietary SIEM, the other
>> flow would continue on to the graylog-server
>>
>> 2. Let the message come down to a stream, catch all of them, and output
>> them to the SIEM using a (probably) custom output.
>>
>> I am actually wondering about option 2.
>> - How does a stream scale? Do we have some benchmarks available?
>> - Since we need to catch everything, would that even be the right option?
>>
>> Any other ideas?
>>
>> Thank you!
>> fred
