Larger environments especially benefit from Graylog’s fault-tolerant architecture. Expanding the infrastructure to consume high log volumes and ensuring the system is up and available for collection and analysis can all be done with Graylog Enterprise.

How IT WORKS

Using a load balancer, you can have multiple Graylog servers ingesting logs and providing additional interfaces for the analysts. You can configure the MongoDB and Elasticsearch databases to be redundant to ensure no data loss. Additionally, all processing pipelines utilize a message journal, allowing quick collection and storage to disk in case of a power loss, so no messages are lost.

Fault tolerance is also built into many of the agents we support via Sidecar. This approach allows hosts to locally spool their logs in case of a network outage, and once the network connection is established, the logs are sent.

Examples

FREQUENTLY ASKED QUESTIONS

  • CAN I MONITOR THE NODE'S HEALTH/STATE?
    Yes, using our REST API, you can query the status of the hosts, with an ALIVE or DEAD response. You can also manually change the state for Zero Downtime upgrades.
  • CAN I HAVE MORE THAN ONE WEB INTERFACE?
    You can have more than one web interface for redundancy purposes, where you can front-end the access with a load balancer or proxy. This architecture also allows for centralized SSL/TLS termination and certificate management.
  • CAN I ADJUST MY JOURNAL SIZE DEPENDING ON MY LOG VOLUME?
    You can adjust your journal size as desired, keeping in mind disk requirements. This flexibility allows for longer network outages or upgrade times, while not losing any messages.
  • WILL I NEED TO CONFIGURE ROLES/PERMISSIONS INDEPENDENTLY AT EACH GRAYLOG SERVER?
    No. All configurations are replicated, including SAML/SSO role mappings.
  • DOES ALL THIS FAULT TOLERANCE INCUR A PERFORMANCE PENALTY?
    No. In fact, when properly configured, it will both increase your ingest performance and decrease the time to return the results of a search.
  • CAN GRAYLOG HANDLE MULTI-SITE REPLICATION?
    Yes. There are multiple ways to provide multi-site replication using Graylog.
  • CAN GRAYLOG NOTIFY ANOTHER SYSTEM IF IT DETECTS A FAULT?
    Yes. Graylog supports multiple notification mechanisms. In version 3.0, Graylog supports actions triggered by an alert that can invoke a script to act outside of Graylog.
  • WHAT OTHER METHODS CAN BE USED TO MAKE MY ENVIRONMENT MORE FAULT TOLERANT?
    Due to Graylog’s open nature and support of other open technologies, you can leverage message queuing technologies to increase your control over the flow of data. You can provide an easier method for developers to deliver logs while increasing fault tolerance.

We've got you covered

Windows
Linux
Unix
JSON,
CSV, TXT
Commercial
Apps
Custom
Apps
Change
Mgmt
Switches
Firewalls
DNS
Routers
DBMS
Storage
Mgmt
Products
Graylog SecurityGraylog OperationsGraylog OpenGraylog CloudGraylog Small BusinessPricing
FEatures
Alerting
Anomaly Detection ML / UEBA
Archiving
Audit Logs
Content Packs
Correlation Engine
Dashboards
Forwarder
GELF
Illuminate
Log View
Multi-threaded Search
Reporting
Rest API
Search Parameters
Search Workflows
Sidecar
Teams Management
Solutions
GovernmentFinTechEducationTelecomHealthcare
Community
Graylog ForumGet Involved
Resources
Resource LibraryBlogVideosWebinarsEventsWhite PapersDatasheetsTech TalksDocumentationTechnical Support
Company
AboutLeadershipSupportPartnerCareersNews & AwardsPrivacy PolicyContact
info@graylog.com

Graylog Headquarters1301 Fannin St, Ste. 2140
Houston, TX 77002

Graylog Colorad0
2101 Pearl St
Boulder, CO 80302

Graylog London
307 Euston Road
London, NW1 3AD
United Kingdom

Graylog Germany GmbH
Poolstraße 21
20355 Hamburg, Germany

© 2022 Graylog, Inc.All rights reserved
Privacy PolicyLegal
CONTACT SALES