How to limit the log size assigned to each device/host in graylog?

Question

I use graylog for log management. logs send from multiple host to graylog, I want:

1- limit storage that allocate to per host
2- limit number of logs received from any host

e.g:

1- if total size is 250GB, max size of host1 log is 100 GB, host2 100 GB and host3 50GB

2- if graylog process 5000 msg/s, max log rate that host1 can send is 3000 msg/s, host2 is 1500 msg/s, host3 is 100 msg/s

Obligatory hint to use https://community.graylog.org/ for better specialized reach. — joschi, Jul 02 '18 at 07:00

score 2 · Answer 1 · answered Jul 02 '18 at 07:02

2

You can use an individual index set for each device you have. Within an index set, you can configure the rotation and retention strategies for the data it contains.

See http://docs.graylog.org/en/2.4/pages/configuration/index_model.html for more details.

answered Jul 02 '18 at 07:02

joschi

12,746
4
44
50

Thanks, but this solution can not solved my problems, because write to index sets is not active at the same time. – Meysam Rahimi Jul 04 '18 at 07:01
e.g: index1 for host1, index2 for host2, then if log received from host1, index1 handle it and if log received from host2 then index2 handle it, in this state by rotation and retention strategies can handle size of logs. – Meysam Rahimi Jul 04 '18 at 07:15

How to limit the log size assigned to each device/host in graylog?

1 Answers1