Outgrown Your Free Graylog? | 6 Reasons to Upgrade |  Learn more >>>

Free Tools
See Demo
Free Tools
See Demo

Fault Tolerance

Larger environments especially benefit from Graylog’s fault-tolerant architecture. Expanding the infrastructure to consume high log volumes and ensuring the system is up and available for collection and analysis can all be done with Graylog Enterprise.

HOW IT WORKS

Using a load balancer, you can have multiple Graylog servers ingesting logs and providing additional interfaces for the analysts. You can configure the MongoDB and Elasticsearch databases to be redundant to ensure no data loss. Additionally, all processing pipelines utilize a message journal, allowing quick collection and storage to disk in case of a power loss, so no messages are lost.

Fault tolerance is also built into many of the agents we support via Sidecar. This approach allows hosts to locally spool their logs in case of a network outage, and once the network connection is established, the logs are sent.

FREQUENTLY ASKED QUESTIONS

  • CAN I MONITOR THE NODE’S HEALTH/STATE?
    Yes, using our REST API, you can query the status of the hosts, with an ALIVE or DEAD response. You can also manually change the state for Zero Downtime upgrades.
  • CAN I HAVE MORE THAN ONE WEB INTERFACE?
    You can have more than one web interface for redundancy purposes, where you can front-end the access with a load balancer or proxy. This architecture also allows for centralized SSL/TLS termination and certificate management.
  • CAN I ADJUST MY JOURNAL SIZE DEPENDING ON MY LOG VOLUME?
    You can adjust your journal size as desired, keeping in mind disk requirements. This flexibility allows for longer network outages or upgrade times, while not losing any messages.
  • WILL I NEED TO CONFIGURE ROLES/PERMISSIONS INDEPENDENTLY AT EACH GRAYLOG SERVER?
    No. All configurations are replicated, including SAML/SSO role mappings.
  • DOES ALL THIS FAULT TOLERANCE INCUR A PERFORMANCE PENALTY?
    No. In fact, when properly configured, it will both increase your ingest performance and decrease the time to return the results of a search.
  • CAN GRAYLOG HANDLE MULTI-SITE REPLICATION?
    Yes. There are multiple ways to provide multi-site replication using Graylog.
  • CAN GRAYLOG NOTIFY ANOTHER SYSTEM IF IT DETECTS A FAULT?
    Yes. Graylog supports multiple notification mechanisms. In version 3.0, Graylog supports actions triggered by an alert that can invoke a script to act outside of Graylog.
  • WHAT OTHER METHODS CAN BE USED TO MAKE MY ENVIRONMENT MORE FAULT TOLERANT?
    Due to Graylog’s open nature and support of other open technologies, you can leverage message queuing technologies to increase your control over the flow of data. You can provide an easier method for developers to deliver logs while increasing fault tolerance.

We've Got You Covered

Windows

Linux

Unix

JSON, CSV, TXT

Storage Mgmt

Custom Apps

Change Mgmt

Switches

Firewalls

DNS

Routers

DBMS

Commercial Apps

Products

Graylog Security
Graylog Enterprise
Graylog Open
Graylog API Security
Graylog Cloud
Graylog Illuminate
Graylog Small Business
Pricing

Features

Access Control & Audit Logs
UEBA Anomaly Detection
Graylog Content: Illuminate
Data Collection
Data Enrichment
Data Management
Events & Alerts
Investigations
Reports & Dashboards
Risk Management
Scalable Architecture
Search
SOAR

LEARN

Resource Hub
Blog
Videos
Events
Community

SUPPORT

Customer Support
Documentation
Graylog Academy
Open Community

Company

About
Leadership
Partners
Careers
News & Awards
Contact

[email protected]

Follow Us:

Linkedin Reddit-alien Youtube Github Facebook-f
Graylog Available in AWS Marketplace

GRAYLOG HEADQUARTERS

1301 Fannin St, Ste. 2000
Houston, TX 77002

GRAYLOG COLORADO

1919 14th Street, Suite 700, Office 18
Boulder, CO 80302

GRAYLOG UNITED KINGDOM

34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom

GRAYLOG GERMANY GMBH

Poolstraße 21
20355 Hamburg, Germany

© 2025 Graylog, Inc. All rights reserved

Privacy Policy | Legal | Sitemap