Default port for a server in "Collectors"


(Murat) #1

It’s a simple question and I am looking for some answers. How can I find the default port for a server in “Collectors” section?


(Jan Doberstein) #2

What did you mean by “default” port?

The Sidecar communicate with the Graylog server via API (that could be HTTP or HTTPS) and the Collector will communicate with the Beats input of your Graylog Server depending on the configuration you submit.


(Murat) #3

I need to find the true port to port closing for our service server (windows server 2016) [users connecting to this server via remote desktop server program]. And my IT manager told me to check graylog to find this server’s port!


(Murat) #4

My server was removed for the server. I just need to search through Graylog for a port.


(Jan Doberstein) #5

you should rephrase your question - I didn’t get what you final goal is.


(Murat) #6

First: we are currently closing all open ports for some programs, ok?

for example: Eset ERA port, DHCP server port, DNS server port, active directory port, remote desktop port, and a port number of one of our windows server.

This windows server is on Graylog/collectors, We can see this server in that section.

Now: My IT manager wants to see ports for all this programs. Of course includes this server’s PORT.

So, my main question is: Is it possible that we can see the port of a server in Graylog?


(Murat) #7

This is the first server I mentioned.


(Murat) #8

Is it okay to use "srcport and dstport " numbers for shutdown ports of that server? I found a lot of different ports in collectors -> show messages -> field filter


(Jan Doberstein) #9

as I do not know what kind of data you are collecting and what kind of processing and normalization you do to the data - I can’t explain you how you get the information out your manager requested from you.


(Murat) #10

Well, I understand, thank you anyway


(system) #11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.