Hi all,

we have a bunch of servers currently still using graylog-collector (GELF TCP) to ship logs to Graylog. Our Graylog installation consists of two nodes behind a load balancer (TCP, balancing via the number of connections to each Graylog node).

By this I see two problems arising:

1) In case one Graylog node was down (i.e. maintenance), all connections are stuck to the other node until somebody re-balances them manually by interrupting the connections.
2) In case one server starts sending excessive amounts of data (let's call it a denial of service attack ;-) the in-queue on the Graylog node it is connected to starts filling up. The load does not become balanced over all nodes. As a result, processing of logs from other nodes connected to the same Graylog node becomes delayed too.

Especially 2) raises my concern, as both nodes could cope with the excessive load. I think the main issue is the long-lived TCP connections and the load balancer having no idea about the amount of data flowing through the TCP connection.

Does anybody have an architectural idea to circumvent these issues?

KR
Xavier
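
The two situations described in the post, as a small constructed simulation (an added example, not part of the original message and not Graylog or load balancer code). Node names, the number of senders, message rates and per-node capacity are assumed values, chosen so that the combined load fits within the combined capacity of both nodes.

```python
# Constructed model, not Graylog or load balancer code: node names, sender
# counts, rates and capacities are assumed values for illustration only.
from collections import Counter

class LeastConnBalancer:
    def __init__(self, nodes):
        self.up = {n: True for n in nodes}
        self.conns = {}                      # sender -> node holding its TCP connection

    def connect(self, sender):
        # Decision is made once, at connect time, from connection counts only.
        counts = Counter(self.conns.values())
        live = [n for n, ok in self.up.items() if ok]
        self.conns[sender] = min(live, key=lambda n: (counts[n], n))

    def set_down(self, node):
        self.up[node] = False
        for sender in [s for s, n in self.conns.items() if n == node]:
            del self.conns[sender]
            self.connect(sender)             # collector reconnects right away

    def set_up(self, node):
        self.up[node] = True                 # established connections stay put

    def spread(self):
        counts = Counter(self.conns.values())
        return {n: counts[n] for n in self.up}

def maintenance_scenario(senders=10):
    lb = LeastConnBalancer(["node-a", "node-b"])
    for i in range(senders):
        lb.connect(f"srv{i}")
    before = lb.spread()
    lb.set_down("node-b")                    # maintenance window
    lb.set_up("node-b")                      # node returns, nothing moves back
    return before, lb.spread()

def noisy_sender_scenario(seconds=60, capacity=3000, normal=100, noisy=5000):
    lb = LeastConnBalancer(["node-a", "node-b"])
    rates = {f"srv{i}": normal for i in range(10)}
    rates["srv0"] = noisy                    # one server floods its connection
    for s in rates:
        lb.connect(s)
    backlog = {n: 0 for n in lb.up}          # unprocessed messages per node
    for _ in range(seconds):
        for node in backlog:
            inflow = sum(r for s, r in rates.items() if lb.conns[s] == node)
            backlog[node] = max(0, backlog[node] + inflow - capacity)
    return backlog
```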
