The topic of reference architectures keeps coming up with Log Insight, so I thought I would cover it over a series of blog posts. In this post, I will start with the basic concepts.
Components
Log Insight supports the following components today:
- Server: A server used for ingestion and query at a minimum, though it could also be used for selective event forwarding
- Forwarder: A server used for ingestion and event forwarding, though typically not for query
- Agent: A way to send events from particular clients to a server, forwarder or third-party syslog destination
Deployments
In the case of a server or forwarder, you could have either a standalone instance or a clustered instance. A clustered instance requires a load balancer, and Log Insight offers an integrated load balancer.
Input/Output
Of course, you need to be able to get data into Log Insight as well as out of it. The supported options today are listed below.
- Ingestion: Syslog = TCP/514, TCP/1514, UDP/514; Ingestion API (CFAPI) = TCP/9000, TCP/9543
- Query: Web = 80/443
Summary
In this post, I discussed the Log Insight components, deployments and supported input/output options. Next, I will cover the evolution of deployment options and high availability.
© 2015, Steve Flanders. All rights reserved.