Graylog with NGINX udp proxy, keep source ip

jimmi · November 5, 2020, 8:58am

Hallo.

I stumbled across Graylog, and wanted to give it a try.

I setup the server, with a NGINX stream proxy in front of it, everything is working perfect. But all my syslog i receive gets the NGINX-servers ip as the source.

How do i keep the source adress from my (example) ASA firewall instead. I cant seem to fingure it out. My NGINX i very simple as follows:

stream {
server {
listen 514 udp:

	proxy_pass 10.10.10.20:10514;
	}

}

shoothub · November 5, 2020, 2:30pm

If hostname is directly in Syslog message, you can extract it and replace source field with it using pipeline rule. If there is no hostname in syslog, graylog can use address sending logs. Please post your example message, and how do you parse it?

system · November 19, 2020, 2:30pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog + Nginx Load Balanced Syslog - Source is the Load Balancer Graylog Central (peer support)	2	3799	April 26, 2017
Syslog device source IP Address Graylog Central (peer support)	8	2930	May 16, 2022
Preserve original IP-Adress via nginx (Proxy Protocol) Graylog Central (peer support)	2	246	January 17, 2024
Syslog input without source ip Graylog Central (peer support)	4	5586	February 2, 2018
Source address is showing as ip address insted of hostname (Name) Graylog Central (peer support)	4	3611	October 5, 2018

Graylog with NGINX udp proxy, keep source ip

Related topics