Graylog inputs in VLAN

Hello, I’m new to this so please have patience with me.

I have Graylog server on VM running with two interfaces:
enp0s3.2 (vlan 2)
Hosts I want to monitor are in vlan 2, but server is running on enp0s3 interface.
I set http_bind_address and http_publish_uri to, because when it was set to or web interface wouldn’t load.
Pings from graylog reach vlan 2, but I can’t see any traffic with tcpdump. Inputs are running but I don’t receive any messages.
How to make Graylog listen on vlan 2?
Thanks in advance, have a good day.

When you create an input you can set a bind address for it which defaults to
Does it help setting the address where you want to listen to (Edit Interface)?

I tried with bind address and but nothing changes, input running, no messages. I have snmp configured on, but when I try tcpdump port 161 on this address, I see nothing. It’s like I can ping 20.11 but there’s no other traffic.

The problem with snmp could be due to system restrictions allowing nothing below port 1024.

Maybe this helps on that:

Could your vlan be the problem? Try traceroute, mtr or telnet to the desired address and port.

Is the server listening on the configured port (netstat -an | grep 9200)?

Hello @voust

Have you tried to use a bridge,


I see some traffic now, when I try tcpdump host and port 1502 I get: > graylog.1502: [udp sum ok] SYSLOG, length: 240
Facility user (1), Severity debug (7)
Msg: Jul 29 12:59:08 SNTP[SNTP]: sntp_client.c(1900) 146536 %% SNTP: system clock synchronized on Fri Jul 29 12:59:08 2022 UTC. Indicates that SNTP has successfully synchronized the time of the box with the server (\0x00

But I still get no messages.
Any ideas?
