Solved: Highly Available Forwarder?

garyewhite · ‎03-14-2014

Anyone have highly available forwarders deployed? Looking for the 'best' solution.
Hate to drop logs during maintenance cycles, even if it's only 3-5 minutes worth...
Any suggestions appreciated.

garyewhite · ‎03-17-2014

Going with a Baracuda 540.

View solution in original post

garyewhite · ‎03-17-2014

Going with a Baracuda 540.

antlefebvre · ‎03-14-2014

I would imagine a load balancer would be your best bet. If you have to perform maintenance to your forwarders if you do them one at a time the load balancer would see the device as down and send the traffic to an available forwarder.

garyewhite · ‎03-17-2014

No load balancer, at the moment. Looking for suggestions on type: Hardware/Software, and possibly examples of live configs that work well.

antlefebvre · ‎03-14-2014

Do you have a load balancer in your environment? If so, you just put the same forwarder config on 2 different machines. Point the firewalls at the balancer, balancer at the forwarders, and the forwarders will send the data to the indexers.

garyewhite · ‎03-14-2014

I agree... but load balancing is easy when we're talking Indexers... I've done that. Load balancing the Forwarder(s) is uncharted territory, for me, though...
Anyone have a working, balanced, Forwarder config they can recommend?
Thanks!

rechteklebe · ‎03-14-2014

Why not saving the logs on a NAS and forwarding data from a dedicated silly VM?

garyewhite · ‎03-14-2014

My firewalls are sending their logs to Forwarders. Can I either redirect them to a NAS when the Forwarders are rebooting or have the Forwarder access them from the NAS and make the NAS the default?
Not certain I understand...
Thx

Highly Available Forwarder?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor