Hi, I’m configuring a Graylog server to collect syslogs from servers and network devices. When I check the firewall, I saw communication from Graylog server to a tor node has been blocked. As per the firewall, Graylog server tried to access a URL chiwui.torproject.org
I found one line in the Graylog server log that match with the IP address 18.104.22.168, log reads as
Caused by: java.net.ConnectException: Failed to connect to check.torproject.org/22.214.171.124:443
I presume connection was refused because it was interrupted by the firewall.
There are not much information about this URL, so I checked this in Alien Vault OTX.
I’m trying to understand why Graylog server tried to communicate with this tor node. Has anyone seen this before?