Does GrayLog need internet access !? If so why?

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
I just installed GrayLog in an protected network zone. My systems in that zone, are normally not allowed to access the internet, for security reasons.

However on my firewall I see that GrayLog constantly tries to access 172.66.43.195 and 172.66.40.61 Addresses which do not belong to anyone conform whois :frowning: . What ever I tend to block this!
No reason to access the internet, apart from updates, as far as me is concerned.

1. Describe your incident:

2. Describe your environment:

  • OS Information:
    FreeBSD (TrueNAS-13.0-U3.1 jail)

  • Package Version:

v4.3.9

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Hi @louis

$ whois 172.66.43.195

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


NetRange:       172.64.0.0 - 172.71.255.255
CIDR:           172.64.0.0/13
NetName:        CLOUDFLARENET
NetHandle:      NET-172-64-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS13335
Organization:   Cloudflare, Inc. (CLOUD14)
RegDate:        2015-02-25
Updated:        2021-05-26
Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref:            https://rdap.arin.net/registry/ip/172.64.0.0



OrgName:        Cloudflare, Inc.
OrgId:          CLOUD14
Address:        101 Townsend Street
City:           San Francisco
StateProv:      CA
PostalCode:     94107
Country:        US
RegDate:        2010-07-09
Updated:        2021-07-01
Ref:            https://rdap.arin.net/registry/entity/CLOUD14

Why does GL need to contact CloudFlare? One of the reasons I can think of is to check whether there is a new version out there (graylog.org DNS is handled by CloudFlare). And, if there is one, I am sure you’d like to keep your GL server up-to-date with the latest and greatest features and bug fixes.

HTH

1 Like

Yep, but CloudFare is just like Amazon just ‘Cloud’ Every body can hide there !!!

The only address I would accept is .graylog.com !!
Surely for ‘servers in the green zone’.

It like emails I receive from xyz.com 'On behalf of supplier . There is no guaranty at all that that is true. So I tend to throw those mails away …

Hey, @louis

Out of curiosity do you have the Enterprise Plugins install?

No, I am private user using graylog to collect alarms from pfsense and in the future probably other computers in my network.