Hoping you can guide me here. I’ve set up Graylog using the Docker examples from Graylog and everything works brilliantly.
Until, that is, I added two devices of the same type into Graylog.
These are pfSense firewalls, which don’t send the client IP as part of the syslog payload, so I need to rely on the source IP address of the pfSense firewall sending the message.
After searching on here I’ve found the gl2_remote_ip (I think, from memory) that shows this info. BUT this is where the problem is: Docker is SNATing the incoming packet to its bridge gateway address, so both of my firewall logs look the same!
I’ve spent the day trying to work out how to use a host network and still keep the bridge network for the postgres and Elasticsearch comms, but I must admit I’ve got a bit lost.
I’ve also seen possible issues with running host and bridge networks on the same server. I understand ports can’t overlap!
I’m sure this is a Docker issue, but has anyone come up against this before and can help me with a docker-compose.yml example, or advise on how to configure a host network just for the incoming comms, or how to create a custom bridge network which won’t SNAT the incoming packets?