Hi Jochen,

OK sounds good to me then :-)

Cheers,
fred

On Monday, April 18, 2016 at 5:36:28 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Fred,
>
>> - How does a stream scale? Do we have some benchmarks available?
>
> Streams are relatively lightweight, depending on the stream rules. In your 
> case a simple check for the existence of the message or timestamp fields 
> would be completely sufficient to catch all messages and that's a very 
> cheap check. So if you're not operating your Graylog cluster at 100% 
> utilization, creating that catch-all stream should be fine.
>  
>
>> - Since we need to catch everything, would that even be the right option?
>
>
> That depends on what you want to do with those messages additionally. It's 
> clearly one viable option for what you've described in your first email.
>
>
> Cheers,
> Jochen
>
> On Sunday, 17 April 2016 20:33:42 UTC+2, Fred Blaise wrote:
>>
>> Hello all,
>>
>> Currently running on latest 1.3.x, I have to somehow forward all log 
>> events to a proprietary SIEM, preferably unaltered, so that the receiving 
>> end can apply its own filters and patterns.
>> My current architecture is much like the one shown in Graylog's doc 
>> (prod), including a pair of HAproxy, going down to the graylog-servers.
>>
>> I am guessing I have 2 options:
>> 1. Put a pair of Logstash (or similar) between the HAproxy and the 
>> graylog-server. The LS would split the traffic before it reaches the 
>> graylog-server: 1 flow would go straight to the proprietary SIEM, the other 
>> flow would continue on to the graylog-server
>>
>> 2. Let the message come down to a stream, catch all of them, and output 
>> them to the SIEM using a (probably) custom output.
>>
>> I am actually wondering about option 2.
>> - How does a stream scale? Do we have some benchmarks available?
>> - Since we need to catch everything, would that even be the right option?
>>
>> Any other ideas?
>>
>> Thank you!
>> fred
>>
>
