Graylog client on another network

Well, after spending a few days testing Graylog on an internal network I would like to leave the server on this network, as it is already configured, but now I have the problem that the client is on another network. Does anyone know how to connect my server with a client that is on another network?

Hello @Arraso26

Here is a LAN configuration

client01 [192.168.1.100:5140] --> Router/Firewall (create a port-forward policy [192.168.1.100:5140] --> [192.168.4.200:5140]) --> Graylog02 [192.168.4.200:5140]

If you're going outside your LAN it's highly recommended you use TCP/TLS or create some type of tunnel between the two environments.

Excuse my ignorance, but where would this rule be created?

No problem,
In layman's terms, you need another device to connect two different networks: a router, switch or firewall.

@Arraso26
Perhaps this may help

I am in Spain and I want to connect with a client who is in Ireland, how would that be?

OK, I think I have understood: I have to go into my router and tell it that every packet sent to the port I have set in Graylog should be sent to the IP on which I have configured the Graylog server?

Hello @Arraso26

Both Environments should have Switch/Firewall/ Router
Example Networking 101

EDIT : I screwed up the IP address in the diagram but I think you get the hint.

Perhaps reading this on port forwarding may help

OK, thank you very much. I'm on vacation now, but as soon as I get back I will write to say whether it helped me.


I took a look and this is how I have it in the router, so that ports 9000 and 3514 (the one I have to send the logs to) are open on our public IP 83.171.139.240, and once the request is made it redirects to 192.168.100.78.

Hello @Arraso26

First, I would be careful putting private information on a Public Web site.

Second, this seems not to be a Graylog issue/problem; this is a network problem.
You may want to Google network connections and port forwarding for network devices like firewalls/routers/switches.
These may help.

What really works well is if you have an AD DC. This way you can add both clients and Graylog servers to that domain with an FQDN for each. That way you're not using IP addresses, but something like this instead.

This would make the connection way easier for the log shippers. Is this a production environment? If so I would use a TCP/TLS connection with perhaps tunneling or a VLAN between the two nodes.
Unfortunately I'm unable to set up your network; that should be a more private area of configuration.

Would these configuration files be OK?

# GRAYLOG CONFIGURATION FILE
############################
#
# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
# Characters that cannot be directly represented in this encoding can be written using Unicode escapes
# as defined in Chapter 3. Lexical Structure, using the \u prefix.
# For example, \u002c.
#
# * Entries are generally expected to be a single line of the form, one of the following:
#
# propertyName=propertyValue
# propertyName:propertyValue
#
# * White space that appears between the property name and property value is ignored,
# so the following are equivalent:
#
# name=Stephen
# name = Stephen
#
# * White space at the beginning of the line is also ignored.
#
# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
#
# * The property value is generally terminated by the end of the line. White space following the
# property value is not ignored, and is treated as part of the property value.
#
# * A property value can span several lines if each line is terminated by a backslash ('\') character.
# For example:
#
# targetCities=\
# Detroit,\
# Chicago,\
# Los Angeles
#
# This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored$
#
# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
#
# * The backslash character must be escaped as a double backslash. For example:
#
# path=c:\\docs\\doc1
#

# If you are running more than one instances of Graylog server you have to select one of these
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true
root_username = admin
# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
# Changing this value after installation will render all user sessions and encrypted values in the database invalid.$
password_secret = FYT2JbnWscqAvRQxBVXl2VadfJW2IB9J2pGptyr6NFVMtd6h0QEfCgBFARdHeCnkac8C0E2ei6Pw93fJDjqBkwny7rn6agyic
# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = 8c6976e5b5410415bde908ds4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See Joda-Time - Java date and time API - Time Zones for a list of valid time $
# Default is UTC
#root_timezone = UTC

# Set the bin directory here (relative or absolute)
# This directory contains binaries that are used by the Graylog server.
# Default: bin
bin_dir = /usr/share/graylog-server/bin

# Set the data directory here (relative or absolute)
# This directory is used to store Graylog server state.
# Default: data
data_dir = /var/lib/graylog-server

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

###############
# HTTP settings
###############

#### HTTP bind address
#
# The network interface used by the Graylog HTTP interface.
#
# This network interface must be accessible by all Graylog nodes in the cluster and by all clients
# using the Graylog web interface.
#
# If the port is omitted, Graylog will use port 9000 by default.
#
# Default: 127.0.0.1:9000
http_bind_address = PUBLICIP:9000
#http_publish_uri
#http_external_uri
#### HTTP publish URI

-----------------------------------------------APACHE.CONF--------------------------------------------------------

# Apache access file:

$ModLoad imfile
$InputFileName /var/log/apache2/access.log.1
$InputFileTag apache-default:
$InputFileStateFile stat-apache-access
$InputFileSeverity info
$InputRunFileMonitor

# Apache error file:

$InputFileName /var/log/apache2/error.log.1
$InputFileTag apache-errors:
$InputFileStateFile stat-apache-error
$InputFileSeverity error
$InputRunFileMonitor

$InputFilePollInterval 10

# Forward all messages over UDP (single @) in RFC 5424 layout to the Graylog syslog input
*.* @PUBLICIP:3514;RSYSLOG_SyslogProtocol23Format
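The forwarding line `*.* @PUBLICIP:3514;RSYSLOG_SyslogProtocol23Format` ships every log line as an RFC 5424 datagram over UDP (a single `@` is UDP in rsyslog; `@@` is TCP, which the TCP/TLS advice earlier in the thread points toward). What follows is an added example, not code from the thread, from Graylog or from rsyslog: it builds a message in the layout that template produces, round-trips it over loopback UDP to a listener standing in for Graylog's syslog input, parses it the way a syslog input would, and probes a TCP port so the port-forward can be checked from the client side before blaming Graylog. The host name, tags and log text are constructed.

```python
"""Loopback test harness for the rsyslog -> Graylog syslog path (added example).

Not code from Graylog or rsyslog; host names, tags and log text are constructed.
"""
import datetime
import re
import socket

# Facility/severity numbers from RFC 5424 section 6.2.1.
FACILITY_USER = 1
SEVERITY = {"error": 3, "info": 6}  # the two levels the rsyslog imfile config uses


def format_rfc5424(msg, hostname, app, severity="info", facility=FACILITY_USER, timestamp=None):
    """Render one line in the RSYSLOG_SyslogProtocol23Format layout:
    <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG.
    PROCID, MSGID and STRUCTURED-DATA are the nil value "-", as imfile sources carry."""
    pri = facility * 8 + SEVERITY[severity]
    if timestamp is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        timestamp = now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"
    return f"<{pri}>1 {timestamp} {hostname} {app} - - - {msg}"


_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$"
)


def parse_rfc5424(line):
    """Split an RFC 5424 line into the fields a Graylog syslog input extracts."""
    m = _RFC5424.match(line)
    if m is None:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "app": m.group("app"),
        "message": m.group("msg"),
    }


def send_udp(host, port, line):
    """Single-@ rsyslog forwarding is plain UDP: one datagram per message, no delivery guarantee."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(line.encode("utf-8"), (host, port))


def loopback_roundtrip(line):
    """Stand-in for the Graylog syslog input: bind an ephemeral loopback UDP port,
    send the line to it and return what arrived (None if nothing came within 2 s)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        send_udp("127.0.0.1", rx.getsockname()[1], line)
        try:
            data, _ = rx.recvfrom(65535)
        except socket.timeout:
            return None
    return data.decode("utf-8")


def tcp_reachable(host, port, timeout=3.0):
    """Connectivity probe for a TCP (@@) input: True only if the handshake completes.
    Run it from the client network against the public IP to verify the port-forward."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tcp_probe_selfcheck():
    """Exercise tcp_reachable against a loopback listener.
    Returns (reachable while listening, reachable after the listener closed)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_reachable("127.0.0.1", port, timeout=1.0)
    srv.close()
    after_close = tcp_reachable("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    # Constructed Apache access-log line; tag names mirror the rsyslog config's $InputFileTag values.
    line = format_rfc5424('192.168.1.50 - - "GET /index.html HTTP/1.1" 200 512',
                          hostname="client01", app="apache-default")
    print("sent    :", line)
    print("received:", loopback_roundtrip(line))
    print("parsed  :", parse_rfc5424(line))
    print("tcp probe (open, closed):", tcp_probe_selfcheck())
```

Running `tcp_reachable("PUBLICIP", 3514)` from the Ireland side answers the thread's question directly: if the handshake fails there, the forward on the Spain router (or the firewall in between) is the problem, not the Graylog input. The UDP path gives no such feedback, which is one more reason the thread's TCP/TLS recommendation is sound.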

Hello,
Not sure about your environment, but my Graylog server has a local IP address (i.e. 192.168.1.10).
My Graylog client that sends messages to my remote Graylog server also has a local IP address (i.e. 192.168.2.10).

To allow these two remote devices to talk to each other (AKA a connection) I would use PORT FORWARDING on a firewall/router/switch.
If you have wide-area network (WAN) or metropolitan area network (MAN) environments with a domain controller these could be public IP addresses, but from what was stated it seems like you have two local area networks trying to send data between the two.

I’m not sure what Graylog configuration file would do for connecting two Local Area Networks.

I have opened the ports that I have configured to access the server and to send the logs. I can access the server from another network, but if I put the public IP the logs do not arrive, and if I put the private IP, the client, being in another country and therefore on another network, cannot see the server. Do you have any idea what to do?
But if I try to access it with a client on the same network, the logs do arrive.

Hello,

Exactly what I’m trying to tell you. Please reread my past post.

I’m sorry, but I don’t understand what you’re saying, I have the ports open in the router.

I don’t understand much English either and if you could explain it to me in a simple way I would appreciate it.

Hello,

You need to configure Ireland's firewall public IP address to point to Spain's firewall public IP address using a port (i.e. 1514) or any other port you want. Ireland does not know where Spain is, so you need to tell Ireland where to go and what port to use (public IP address & port). Once data arrives in Spain you need to redirect the data using that port (i.e. 1514) to point to Graylog.

Example:

My apologies, I can't teach you networking over the internet, so perhaps watching this may enlighten you.

And is it normal that when I try to test on a client that is on the same network, I put the external IP in the configuration file and the logs don't arrive either?
And thank you very much for helping me.

Yes it is.

You're welcome :slight_smile:

OK, let's see if I have worked it out: I have to configure the router in Ireland to forward port 3514 to my public IP, no?