使用 nginx 进行 UDP 转发 [英] UDP forwarding with nginx

问题描述

我有一个主系统日志服务器，它从多个来源接收系统日志，我想将这些日志发送到 Graylog 集群.为了帮助集群跟上(在一些速度较慢的虚拟机上)，我需要能够将消息负载平衡到 Graylog，因为有时它们来自端点的大量块(有些每 10 秒突发发送 5k 日志).

I have a main syslog server that is receiving syslog from several sources, and I want to send those logs to a Graylog cluster. To help the cluster keep up (on some slow VMs), I need to be able to load balance the messages to Graylog, as sometimes they come in massive chunks from the endpoints (some send 5k logs in bursts every 10 seconds).

我正在尝试使用 nginx 作为 syslog 消息的负载平衡器，但我似乎无法让它工作，这似乎是因为 nginx 正在寻找来自 Graylog 服务器的响应.使用 UDP，它不会得到响应.至少这是我认为正在发生的事情.

I'm trying to use nginx as a load balancer for the syslog messages, but I can't seem to get it to work, and it seems to be because nginx is looking for responses from the Graylog servers. With UDP, it's not going to get a response. At least this is what I think is happening.

我得到的错误是:

2016/12/01 11:27:59 [error] 2816#2816: *210325 no live upstreams while connecting 
  to upstream, udp client: 10.0.1.1, server: 0.0.0.0:11016, 
  upstream: "juniper_close_stream_backend", bytes from/to client:932/0, 
  bytes from/to upstream:0/0

作为我的 nginx.conf 中此规则的示例，它看起来像:

As an example of this rule in my nginx.conf, it looks like:

stream {
    server {
        listen 11016 udp;
        proxy_pass juniper_close_stream_backend;
    }
    upstream juniper_close_stream_backend {
        server 10.0.1.2:11016;
        server 10.0.1.3:11016;
        server 10.0.1.4:11016;
    }
}

在本例中，我的系统日志框是 10.0.1.1，而我的下游 Graylog 框是 10.0.1.[2-4].我看到所有这些错误消息.

In this instance, my syslog box is 10.0.1.1, and my downstream Graylog boxes are 10.0.1.[2-4]. I see this error message for all of them.

关于发生了什么的任何线索?当我在 Graylog 框上运行 tcpdump 时，我看到来自负载均衡器的流量，这意味着它正在工作.但我认为 nginx 正在等待响应并给我一个错误.

Any clue on what is happening? When I run tcpdump on the Graylog boxes, I'm seeing the traffic coming from the load balancer, which means it's working. But I think nginx is expecting a response and is giving me an error.

推荐答案

所以这似乎是解决方案(在我上面的注释中).

So this did seem to be the solution (in my note above).

如果使用上面的示例，您希望它看起来像:

If using my example from above, you want this to look like:

 stream {
     server {
         listen 11016 udp;
         proxy_pass juniper_close_stream_backend;
         proxy_responses 0;
     }
 }

这告诉 nginx 不要期待响应，它不应该需要来自 UDP 的响应.我不知道为什么他们的 examples 在讨论 DNS 时不要显示这个，它可以完全由 UDP 驱动.

This tells nginx not to expect a response, which it shouldn't need from UDP. I don't know why their examples don't show this when discussing DNS, which can be entirely UDP driven.

这篇关于使用 nginx 进行 UDP 转发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！