Graylog server making connection requests to many public IP's

neeraj · January 18, 2018, 3:18pm

Hello, We are on version 2.4.0. We are using the graylog virtual appliance. Our firewall is showing that our graylog server is making frequent connection requests to a range of public ip-addresses as listed below.
64.6.144.6
198.55.111.50
173.71.68.101

Upon doing an initial check it shows these are either ISP’s or data center providers; so the traffic is legit. Is this normal behavior of Graylog? Is there any way to disable this communication from the graylog web UI itself or command line ?

I am sure this is happening for everybody but might have gone unnoticed. .

Thanks, Neeraj

jochen · January 18, 2018, 3:27pm

These are NTP servers which are being queried by ntpd so synchronize the system clock.

neeraj · January 18, 2018, 3:29pm

Thanks Jochen for the quick response. Any way to customize this and instead point it to our own preferred NTP server ?

jochen · January 18, 2018, 3:33pm

No, these settings cannot be (permanently) customized in the OVA.

If you want to customize every aspect of the Graylog cluster, you should use a different installation method.

system · February 1, 2018, 3:33pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Threats investigation Graylog Central (peer support)	3	620	May 9, 2017
Graylog not accepting at UDP port from other public IP addresses Graylog Central (peer support)	2	968	December 4, 2019
Graylog server with public and private IPs Graylog Central (peer support)	4	1591	July 28, 2020
Graylog and private IP sources for syslog Graylog Central (peer support)	1	368	September 9, 2020
Problem sending logs to Graylog Inputs from external source Graylog Central (peer support)	7	1005	February 19, 2020

Graylog server making connection requests to many public IP's

Related topics