Graylog server tries to talk to a tor node


Hi, I’m configuring a Graylog server to collect syslogs from servers and network devices. When I check the firewall, I saw communication from Graylog server to a tor node has been blocked. As per the firewall, Graylog server tried to access a URL

I found one line in the Graylog server log that match with the IP address, log reads as
Caused by: Failed to connect to

I presume connection was refused because it was interrupted by the firewall.

There are not much information about this URL, so I checked this in Alien Vault OTX.

I’m trying to understand why Graylog server tried to communicate with this tor node. Has anyone seen this before?

(Jan Doberstein) #2

hej @Salinda

did you have any Plugins installed or other software that is running on that server?

if you - for example has installed the thread-intel plugin and activate the check for tor exit nodes that would be the request to get the list of exit nodes.


Hi @jan, you are right. I’ve installed Graylog threatintel plugin and from the logs found that it queries tor exit nodes.

Thanks for your reply.


(system) closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.