Graylog 3.1.3 listen on two network interfaces

Graylog Central (peer support)
1

Hii all,

I have two network interfaces eth1 (10.0.2.22) and eth2 (192.168.1.12).

Now i want to reach all the netflow traffic over eth2 and all syslog traffic over eth1. Is this possible?
How should look the server.conf? So that i can configure the inputs with diffrent ip addresses?

Many thanks
Greets safti

2

Hi safti,

If I am not wrong, you should be able to define that while creating an Input. Choose NetFlow UDP input and in Bind address field, just put the IP address of the eth2 interface and that should be it.

image

Cheers!

3

Hii facyber,

Thank you i will try. And in the server.conf? Which IP i have to put in?

greets

4

Oh I understand now what you actually want.

Not sure if that is possible, but if it possible for your setup, pass all logs toward one IP and then in Graylog interface, with Inputs (I explained earlier) and Streams, you can then divide NetFlow logs from the others.

Hope that helps!

5

two things

  • inputs: I suggest use 0.0.0.0, it will listen on all interface. If you need I suggest firewall to limit the access. If you have one server, use IP is ok, but if you will have more, you have to make inputs for every server one-by-one…
  • GL web interface. As far as I know it is possible to listen only one IP. But you need it only for the web access. So you have to use that what you will access to the search, etc… If you need all interface put an nginx, haproxy, etc, what can bind on all interface, and redirect the traffic. It is also recommended if you would like to use regular ports, eg 80,443 for web access.
1 Like
6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.