Hi,
I have a query. I’ve been using Graylog server for 6 months now. When we add inputs to the Graylog server by routing rsyslog, syslog and GELF input (from Windows machines), we have to enable certain ports at both server and client (input machines) for sending logs. Do we need to enable a unique port at both the Graylog server and the inputs for each input we add to the server?
If yes, won’t it create a vulnerability for my server if I open a lot of ports in the local network? Please suggest.
And please do suggest a site or location where I can find more content for Graylog servers. (The Graylog site has too straight docs with no examples.)
On the client you don’t need to open ports; output ports typically are not closed and input ports for replies are open.
On the server you don’t need separate inputs for each client, unless there are some specific extractors for each of them. I am currently collecting logs from 10 sources, using one input for Windows GELF, one Linux syslog input and one syslog input for specific needs.
Answering your question: yes, you need a unique port for each input.
So, you are saying that (let’s take an example) if I have 10-20 Linux (CentOS) machines whose logs need to be forwarded to my Graylog server, I need to create only one “syslog TCP” input on the server?
(As they are filtered based on their hostname?)
So each new type of flavour will require a new input along with a specific port?