Anyone have highly available forwarders deployed? Looking for the 'best' solution.
Hate to drop logs during maintenance cycles, even if it's only 3-5 minutes worth...
Any suggestions appreciated.
Going with a Baracuda 540.
I would imagine a load balancer would be your best bet. If you have to perform maintenance to your forwarders if you do them one at a time the load balancer would see the device as down and send the traffic to an available forwarder.
No load balancer, at the moment. Looking for suggestions on type: Hardware/Software, and possibly examples of live configs that work well.
Do you have a load balancer in your environment? If so, you just put the same forwarder config on 2 different machines. Point the firewalls at the balancer, balancer at the forwarders, and the forwarders will send the data to the indexers.
I agree... but load balancing is easy when we're talking Indexers... I've done that. Load balancing the Forwarder(s) is uncharted territory, for me, though...
Anyone have a working, balanced, Forwarder config they can recommend?
Thanks!
Why not saving the logs on a NAS and forwarding data from a dedicated silly VM?
My firewalls are sending their logs to Forwarders. Can I either redirect them to a NAS when the Forwarders are rebooting or have the Forwarder access them from the NAS and make the NAS the default?
Not certain I understand...
Thx