Hi, I’m configuring a Graylog server to collect syslogs from servers and network devices. When I checked the firewall, I saw that communication from the Graylog server to a Tor node had been blocked. As per the firewall, the Graylog server tried to access the URL chiwui.torproject.org.
I found one line in the Graylog server log that matches the IP address 138.201.14.212. The log reads:
Caused by: java.net.ConnectException: Failed to connect to check.torproject.org/138.201.14.212:443
I presume the connection was refused because it was interrupted by the firewall.
There is not much information about this URL, so I checked it in AlienVault OTX.
https://otx.alienvault.com/indicator/hostname/chiwui.torproject.org
I’m trying to understand why the Graylog server tried to communicate with this Tor node. Has anyone seen this before?