Graylog and private IP sources for syslog


I am running a new installation of graylog, I am able to receive syslog messages to udp 1515 from 100+ devices on public IPs. We have another 100 or so devices on private IPs that are sending syslog data to our server but graylog appears to silently drop them.

This is not a network issues with connectivity or filtering. I have gone as far as using a test device with a public IP and confirm graylog is seeing and recording the syslog data, then I swapped the IP/hostname on that same cisco switch to a 10.x.x.x range and watch the message arrive in tcpdump but dropped in graylog.

Tcpdump confirms traffic is arriving at the server but it’s unknown why they are being dropped, any help on this would be appreciated.

Thank you

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.