Graylog server making connection requests to many public IP's

neeraj · January 18, 2018, 3:18pm

Hello, We are on version 2.4.0. We are using the graylog virtual appliance. Our firewall is showing that our graylog server is making frequent connection requests to a range of public ip-addresses as listed below.
64.6.144.6
198.55.111.50
173.71.68.101

Upon doing an initial check it shows these are either ISP’s or data center providers; so the traffic is legit. Is this normal behavior of Graylog? Is there any way to disable this communication from the graylog web UI itself or command line ?

I am sure this is happening for everybody but might have gone unnoticed. .

Thanks, Neeraj

jochen · January 18, 2018, 3:27pm

These are NTP servers which are being queried by ntpd so synchronize the system clock.

neeraj · January 18, 2018, 3:29pm

Thanks Jochen for the quick response. Any way to customize this and instead point it to our own preferred NTP server ?

jochen · January 18, 2018, 3:33pm

No, these settings cannot be (permanently) customized in the OVA.

If you want to customize every aspect of the Graylog cluster, you should use a different installation method.

system · February 1, 2018, 3:33pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog server with public and private IPs Graylog Central (peer support)	4	1459	July 28, 2020
Not able to access the Graylog GUI Graylog Central (peer support)	2	313	April 18, 2019
Graylog Web UI Blank using public IP Graylog Central (peer support)	7	2221	February 10, 2020
Remote graylog website access (via internet, public IP) Graylog Central (peer support)	11	8186	April 13, 2018
Web interfaces on public ip (I thought it was simple..) Graylog Central (peer support)	2	1274	April 30, 2019

Graylog server making connection requests to many public IP's

Related Topics