I have two network interfaces eth1 (10.0.2.22) and eth2 (192.168.1.12).
Now i want to reach all the netflow traffic over eth2 and all syslog traffic over eth1. Is this possible?
How should look the server.conf? So that i can configure the inputs with diffrent ip addresses?
If I am not wrong, you should be able to define that while creating an Input. Choose NetFlow UDP input and in Bind address field, just put the IP address of the eth2 interface and that should be it.
Not sure if that is possible, but if it possible for your setup, pass all logs toward one IP and then in Graylog interface, with Inputs (I explained earlier) and Streams, you can then divide NetFlow logs from the others.
inputs: I suggest use 0.0.0.0, it will listen on all interface. If you need I suggest firewall to limit the access. If you have one server, use IP is ok, but if you will have more, you have to make inputs for every server one-by-oneβ¦
GL web interface. As far as I know it is possible to listen only one IP. But you need it only for the web access. So you have to use that what you will access to the search, etc⦠If you need all interface put an nginx, haproxy, etc, what can bind on all interface, and redirect the traffic. It is also recommended if you would like to use regular ports, eg 80,443 for web access.