Deployment Architecture

Where to place Load Balancer for Redundant Heavy Forwarder ans Syslog Collector

ojay
Path Finder

Hi all,

I'm planning an architecture with a redundant Heavy Forwarder and double Syslog collector Servers.

Where do i place a Load Balancer? and how do these Components communicate in terms of Ports and Firewalls? What do i need to plan? 

I cant find the right places to read about this in the documentation.

Thank you for your help in advance.

Oj.

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @ojay,

you have to put the Load balancer in front of the two (or more) Heavy Forwarders.

In other words, you configure on the LB a virtual IP to use as front end to receive syslogs from your appliances.

Then the LB sends these logs to the HFs on the ports you opened.

About ports, you could use the same ports on LB and HFs (e.g. 514).

About firewalls rules, if they are on the same network there isn't any problem, if they are in diferent networks, you have to open the relative routes between LB and HFs.

Remember to configure an heart beat on the HFs so the LB can know if the HFs are alive: e.g. you could create an alert that pings the LB every minute.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...