Log Insight Reference Architectures Part 1/4

The topic of reference architectures keeps coming up with Log Insight so I thought I would cover it over a series of blog posts. In this post, I will start with the basic concepts.

Components

Log Insight supports the following components today:

  • Server: A server used for ingestion and query at a minimum, though it could also be used for selective event forwarding
  • Forwarder: A server used for ingestion and event forwarding, though typically not for query
  • Agent: A way to send events from particular clients to a server, forwarder or third-party syslog destination

Deployments

In the case of a server or forwarder, you can have either a standalone instance or a clustered instance. A clustered instance requires a load balancer, and Log Insight offers an integrated load balancer.

Input/Output

Of course, you need to be able to get data into Log Insight as well as out of it. The supported options today are listed below.

  • Ingestion: Syslog = TCP/514, TCP/1514, UDP/514; Ingestion API (CFAPI) = TCP/9000, TCP/9543
  • Query: Web = 80/443

Summary

In this post, I discussed the Log Insight components, deployments, and the supported inputs and outputs. Next, I will cover the evolution of deployment options and high availability.

© 2015, Steve Flanders. All rights reserved.
