Graylog server making connection requests to many public IP's


#1

Hello, We are on version 2.4.0. We are using the graylog virtual appliance. Our firewall is showing that our graylog server is making frequent connection requests to a range of public ip-addresses as listed below.
64.6.144.6
198.55.111.50
173.71.68.101

Upon doing an initial check it shows these are either ISP’s or data center providers; so the traffic is legit. Is this normal behavior of Graylog? Is there any way to disable this communication from the graylog web UI itself or command line ?

I am sure this is happening for everybody but might have gone unnoticed. .

Thanks, Neeraj


(Jochen) #2

These are NTP servers which are being queried by ntpd so synchronize the system clock.


#3

Thanks Jochen for the quick response. Any way to customize this and instead point it to our own preferred NTP server ?


(Jochen) #4

No, these settings cannot be (permanently) customized in the OVA.

If you want to customize every aspect of the Graylog cluster, you should use a different installation method.


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.