Hello, I’m new to this so please have patience with me.
I have Graylog server on VM running with two interfaces:
enp0s3 192.168.10.10
enp0s3.2 (vlan 2) 192.168.20.10
Hosts I want to monitor are in vlan 2, but server is running on enp0s3 interface.
I set http_bind_address and http_publish_uri to 192.168.10.10, because when it was set to 127.0.0.1 or 0.0.0.0 web interface wouldn’t load.
Pings from graylog reach vlan 2, but I can’t see any traffic with tcpdump. Inputs are running but I don’t receive any messages.
How to make Graylog listen on vlan 2?
Thanks in advance, have a good day.
When you create an input you can set a bind address for it which defaults to 0.0.0.0
Does it help setting the address where you want to listen to (Edit Interface)?
I tried with bind address 0.0.0.0 and 192.168.20.10 but nothing changes, input running, no messages. I have snmp configured on 192.168.20.11, but when I try tcpdump port 161 on this address, I see nothing. It’s like I can ping 20.11 but there’s no other traffic.
I see some traffic now, when I try tcpdump host 192.168.20.11 and port 1502 I get:
192.168.20.11.syslog > graylog.1502: [udp sum ok] SYSLOG, length: 240
Facility user (1), Severity debug (7)
Msg: Jul 29 12:59:08 192.168.20.11-1 SNTP[SNTP]: sntp_client.c(1900) 146536 %% SNTP: system clock synchronized on Fri Jul 29 12:59:08 2022 UTC. Indicates that SNTP has successfully synchronized the time of the box with the server (192.168.20.10).\0x00
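Added example, not part of the thread: once tcpdump shows datagrams arriving, a useful next check is whether any UDP socket on the server is bound to an address that covers the destination IP and port. The script below parses `ss -H -lun` output and answers that for the two server addresses in the thread; the sample output and the ports other than 1502 are constructed, and the handling of `*` as a dual-stack wildcard is an assumption about how `ss` prints such sockets.

```python
import ipaddress

# Constructed sample of `ss -H -lun` output (UDP listeners, numeric, no header).
SAMPLE_SS = """\
UNCONN 0 0 192.168.10.10:1502 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5140 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 *:1514 *:*
"""

def parse_listeners(ss_output):
    """Return (address, port) pairs from the Local Address:Port column."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and brackets
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def covers(addr, dest):
    """True if a socket bound to addr receives datagrams addressed to dest."""
    if addr == "*":  # assumption: ss prints * for a dual-stack wildcard socket
        return True
    try:
        bound = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if bound.version != dest.version:
        return False
    # A wildcard bind (0.0.0.0 or ::) accepts any local address of its family.
    return bound.is_unspecified or bound == dest

def covering_listeners(ss_output, dest_ip, dest_port):
    """Listeners that would accept a UDP datagram sent to dest_ip:dest_port."""
    dest = ipaddress.ip_address(dest_ip)
    return [(a, p) for a, p in parse_listeners(ss_output)
            if p == dest_port and covers(a, dest)]

if __name__ == "__main__":
    for ip in ("192.168.10.10", "192.168.20.10"):
        print(ip, 1502, covering_listeners(SAMPLE_SS, ip, 1502) or "no listener")
```

An empty result for the address the senders actually target means the kernel has no socket to deliver those datagrams to, even though tcpdump sees them on the wire.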