Does GrayLog need internet access!? If so, why?

I just installed GrayLog in a protected network zone. My systems in that zone are normally not allowed to access the internet, for security reasons.

However, on my firewall I see that GrayLog constantly tries to access 172.66.43.195 and 172.66.40.61, addresses which do not belong to anyone according to whois :frowning:. Whatever, I tend to block this!
No reason to access the internet, apart from updates, as far as I am concerned.

2. Describe your environment:

  • OS Information:
    FreeBSD (TrueNAS-13.0-U3.1 jail)

  • Package Version:
    v4.3.9


Hi @louis

$ whois 172.66.43.195

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


NetRange:       172.64.0.0 - 172.71.255.255
CIDR:           172.64.0.0/13
NetName:        CLOUDFLARENET
NetHandle:      NET-172-64-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS13335
Organization:   Cloudflare, Inc. (CLOUD14)
RegDate:        2015-02-25
Updated:        2021-05-26
Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref:            https://rdap.arin.net/registry/ip/172.64.0.0



OrgName:        Cloudflare, Inc.
OrgId:          CLOUD14
Address:        101 Townsend Street
City:           San Francisco
StateProv:      CA
PostalCode:     94107
Country:        US
RegDate:        2010-07-09
Updated:        2021-07-01
Ref:            https://rdap.arin.net/registry/entity/CLOUD14

Why does GL need to contact CloudFlare? One of the reasons I can think of is to check whether there is a new version out there (graylog.org DNS is handled by CloudFlare). And, if there is one, I am sure you’d like to keep your GL server up-to-date with the latest and greatest features and bug fixes.

HTH


Yep, but Cloudflare is just like Amazon, just ‘Cloud’. Everybody can hide there!!!

The only address I would accept is .graylog.com!!
Surely for ‘servers in the green zone’.

It is like emails I receive from xyz.com 'On behalf of supplier'. There is no guarantee at all that that is true. So I tend to throw those mails away …

Hey, @louis

Out of curiosity, do you have the Enterprise Plugins installed?

No, I am a private user using Graylog to collect alarms from pfSense and, in the future, probably other computers in my network.

You can disable the Graylog version check by setting the following parameter in server.conf:

versionchecks = false

(Don’t forget to restart the Graylog service)

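An added example, not part of the original thread and not Graylog's own code: one way to review what the firewall saw from the Graylog host and to confirm the `versionchecks` setting discussed above. The log format, the 192.0.2.x and 198.51.100.7 addresses and the function names are constructed for illustration; it assumes the check is enabled when the key is absent and that the last assignment in the file wins.

```python
import ipaddress
import re
from collections import Counter

# Network taken from the whois output quoted in this thread.
KNOWN_NETS = {ipaddress.ip_network("172.64.0.0/13"): "CLOUDFLARENET (AS13335)"}

# Constructed sample firewall lines (simplified format, not real pfSense output).
SAMPLE_LOG = """\
2022-12-01T10:00:01 block out 192.0.2.10 -> 172.66.43.195:443
2022-12-01T10:00:31 block out 192.0.2.10 -> 172.66.40.61:443
2022-12-01T10:01:01 block out 192.0.2.10 -> 172.66.43.195:443
2022-12-01T10:01:05 block out 192.0.2.10 -> 198.51.100.7:443
2022-12-01T10:01:09 pass out 192.0.2.20 -> 172.66.40.61:443
"""

LINE_RE = re.compile(r"^\S+ (block|pass) out (\S+) -> ([0-9.]+):(\d+)$")

def label(ip):
    addr = ipaddress.ip_address(ip)
    for net, name in KNOWN_NETS.items():
        if addr in net:
            return name
    return "UNKNOWN"  # not covered by any network we have looked up

def summarize_egress(log_text, graylog_ip):
    """Count outbound attempts from graylog_ip per (destination, owner)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == graylog_ip:
            hits[(m.group(3), label(m.group(3)))] += 1
    return dict(hits)

def version_check_enabled(conf_text):
    """Effective 'versionchecks' value in server.conf text."""
    enabled = True  # assumption: checks are on when the key is absent
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # skip comments and lines without an assignment
        key, value = (p.strip() for p in line.split("=", 1))
        if key == "versionchecks":
            enabled = value.lower() != "false"  # assumption: last one wins
    return enabled

if __name__ == "__main__":
    for (dst, owner), n in sorted(summarize_egress(SAMPLE_LOG, "192.0.2.10").items()):
        print(f"{dst:16} {owner:24} {n} attempts")
```

Destinations labelled UNKNOWN are the ones still needing a whois lookup before deciding on a firewall rule.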
