Getting logs from several servers

psampson · May 28, 2015, 8:08pm

Hi,
I currently have logstash-forwarder running on about 8 servers sending their logs to one logstash instance. I'd like to add this to about a hundred more and I was wondering if it makes sense to have the servers use a shared directory and simply have logstash run off that directory instead of putting logstash or logstash-forwarder on all of them.

My concern with putting logstash on each server is maintaining and updating it across all servers, as I am still fairly new using it and it is likely that changes and updates will be made to it in the near future.

Are there any downsides to using a shared directory or is there a better solution that I am missing?

Thanks!

warkolm · May 29, 2015, 2:24am

This is why using config management, Puppet/Ansible/Chef, makes sense.
Having a single shared logging directory makes some sense, but may not really scale at that level.

You should really be looking to use a broker as well.

psampson · May 29, 2015, 5:15pm

Thanks a lot. I figured there would probably be a better way. Can you suggest some brokers as well?

magnusbaeck · May 30, 2015, 3:07pm

Well, just have a look at what input plugins Logstash supports. That's a major limiting factor anyway. Popular choices include Redis, RabbitMQ, and Kafka.