I need a little bit of your help. I have installed graylog and set him only Public IP address (like 188.8.131.52).
Configured the inputs as you can see here:
and then tried to send logs to the input.
I have like three machines with different public IP addresses.
Machine1 - 184.108.40.206
Machine2 - 220.127.116.11
Machine3 - 18.104.22.168
Now the point is, that when I try to send logs to graylog from machines, the logs are reciveved only from Machine1. U just dunno what can be the problem. I have controlled everything (firewall, server.conf, elasticsearch.yml,netstat, tcpdump)
The fact is, that when using tcpdump i do not see any incoming traffic from Machine2 & Machine3. All three machines have identical configuration. No firewall.
(Btw - When I have configured TCP syslog, I was the port open)
Do you have any tip what could be the problem? Or does graylog have some native restrictions not to allow any traffic then from his own subnet?
Thank you very much for any advice.