Accept only authorised logs

I have installed Graylog on a VM in Proxmox and I have a Fortigate in front of it. The Graylog UI is not exposed to internet and it is accessible only from the lan.
However, I am not really sure about what to do with the logs coming in from the public internet. I have to forward a port to receive them. How can I secure the logs so that Graylog will not accept logs that are not “authorised”?
Thanks for helping.

Yes, you will setup inputs, port forward to those inputs (on the correct port). Then on the inout you can setup TLS encryption to encrypt the traffic, and right under those settings you can use a certificate (or a root certificate) to authenticate the incoming traffic. Ie only sources with a matching cert will be accepted.

What kinds of sources are you trying to send?

Thanks for your answer.
It I mainly logs from devices based on Raspberry Pi: err. crit. alert. emerg. and heartbeats. The traffic is from different IPs installed in the field.

Okay perfect, so you will have some control then. With multiple devices you will either need to deploy the same certificate to all of them to authernticate, or use your root certificate to sign all the certificates they use and then the input will reject any other traffic.

Thanks for the directions. Really appreciated.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.