We are currently setting some hosts to forward their logs via rsyslog and omelasticsearch to an elasticsearch cluster. The manual for omelasticsearch seems to allow only one server name of the ES cluster to be configured, which would be a single point of failure.

How can one configure the logging to log to any node of the ES cluster and not only to one so it is resistant to failures of one node?

Currently we have configured a shared IP for the ES cluster and use that as the server name (and this works). Can omelasticsearch use multiple hosts?

Martin Schröder

1 Answer

I suppose you can do that only with HAProxy or another load balancer. Configuring a VIP is not an excellent idea because in that case it can't help you increase write operations.

Even more, you can install a local HAProxy (on 127.0.0.1) with a list of all ES cluster nodes and redirect all rsyslog requests to it. In that case you will not have HAProxy as a bottleneck in this scheme if you have a lot of such rsyslog instances.

PS. The latest rsyslog can work with lists of servers, starting from 8.23.0: https://github.com/rsyslog/rsyslog/blob/master/ChangeLog

ipeacocks
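
The server list mentioned in the PS, written out as an added example (not part of the original answer and not the rsyslog project's own configuration): an omelasticsearch action that lists several cluster nodes and buffers messages in a disk-assisted queue while nodes are unreachable. The host names, index name, queue file name and sizes are placeholders chosen for illustration.

```rsyslog
# Added example. The server list needs rsyslog 8.23.0 or later.
# es1/es2/es3.example.internal are placeholder host names.
module(load="omelasticsearch")

action(type="omelasticsearch"
       # several nodes instead of one shared IP
       server=["es1.example.internal",
               "es2.example.internal",
               "es3.example.internal"]
       serverport="9200"
       searchIndex="syslog"            # placeholder index name
       bulkmode="on"                   # send batches through the bulk API

       # Keep messages while the cluster cannot be reached
       action.resumeRetryCount="-1"    # retry indefinitely, do not discard
       queue.type="linkedlist"         # in-memory queue, decoupled from input
       queue.filename="es_fwd"         # placeholder; enables disk assistance
       queue.maxDiskSpace="1g"         # assumed spool limit
       queue.saveOnShutdown="on"       # persist queued messages on restart
       queue.dequeueBatchSize="500")   # assumed upper bound per bulk request
```

Check the result with `rsyslogd -N1` before restarting the service; a version older than 8.23.0 rejects the array form of `server`.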