Graylog server making connection requests to many public IP's


Hello, We are on version 2.4.0. We are using the graylog virtual appliance. Our firewall is showing that our graylog server is making frequent connection requests to a range of public ip-addresses as listed below.

Upon doing an initial check it shows these are either ISP’s or data center providers; so the traffic is legit. Is this normal behavior of Graylog? Is there any way to disable this communication from the graylog web UI itself or command line ?

I am sure this is happening for everybody but might have gone unnoticed. .

Thanks, Neeraj

(Jochen) #2

These are NTP servers which are being queried by ntpd so synchronize the system clock.


Thanks Jochen for the quick response. Any way to customize this and instead point it to our own preferred NTP server ?

(Jochen) #4

No, these settings cannot be (permanently) customized in the OVA.

If you want to customize every aspect of the Graylog cluster, you should use a different installation method.

(system) closed #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.