Graylog not accepting at UDP port from other public IP addresses

RadekVymazal · November 20, 2019, 5:54pm

Hello community.
I need a little bit of your help. I have installed graylog and set him only Public IP address (like 1.2.3.4).
Configured the inputs as you can see here:

and then tried to send logs to the input.
I have like three machines with different public IP addresses.
Machine1 - 1.2.3.1
Machine2 - 3.3.3.3
Machine3 - 7.7.7.7

Now the point is, that when I try to send logs to graylog from machines, the logs are reciveved only from Machine1. U just dunno what can be the problem. I have controlled everything (firewall, server.conf, elasticsearch.yml,netstat, tcpdump)
The fact is, that when using tcpdump i do not see any incoming traffic from Machine2 & Machine3. All three machines have identical configuration. No firewall.

(Btw - When I have configured TCP syslog, I was the port open)

Do you have any tip what could be the problem? Or does graylog have some native restrictions not to allow any traffic then from his own subnet?

Thank you very much for any advice.

RadekVymazal · November 20, 2019, 6:16pm

OMG, I have solved it. Something got buggy with the 3333 port. So basically I have created a new UDP syslog input (on a different port) and it started working.

system · December 4, 2019, 6:16pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog and private IP sources for syslog Graylog Central (peer support)	1	323	September 9, 2020
Graylog inputs do not seem to be working Graylog Central (peer support)	5	2661	September 7, 2018
Traffic from other subnet Graylog Central (peer support)	3	712	September 4, 2017
Problem sending logs to Graylog Inputs from external source Graylog Central (peer support)	7	861	February 19, 2020
Udp/tcp in blocked Graylog Central (peer support)	18	2747	August 30, 2018

Graylog not accepting at UDP port from other public IP addresses

Related Topics