How to configure Graylog3 server behind a Cisco ASA

My graylog v3.0 server is behind a Cisco ASA with NAT rules defined. The graylog server IP is 182.x.x.x behind the ASA and 214.x.x.x external to the ASA. Firewall is open (no ACL).

Depending on what values http_bind_address, http_publish_uri, and http_external_uri are set to, I can access the graylog server web interface from either devices inside my ASA OR from devices outside my ASA, but not both.

What values should http_bind_address, http_publish_uri, and http_external_uri have so I can access my graylog server from both sides of my ASA?

http_bind_address to 182.x.x.x, http_publish_uri also to 182.x.x.x and http_external_uri to 214.x.x.x seems like the best option - and use the 214.x.x.x as the address used to access Graylog from both sides. I think… I have no experience with Graylog behind a firewall so… this may not work :slight_smile:

Thanks for the reply! I could not get to the web interface from behind the firewall when I configured Graylog as you suggested above. Here is what finally worked:

  • created a DNS record for mygraylogserver pointing to 182.x.x.x in my internal DNS.
  • created a DNS record for mygraylogserver pointing to 214.x.x.x in my external DNS.
  • http_bind_address=mygraylogserver.mydomain.com:9000
  • http_publish_uri=http://mygraylogserver.mydomain.com:9000/
  • http_external_uri = leave commented out
  • systemctl restart graylog-server

I can now get to the Graylog web interface from both sides of my firewall.
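
Why the hostname-based settings reach both sides where IP literals did not, as an added example that is not part of the original post. It assumes the web interface hands the browser `http_external_uri` (falling back to `http_publish_uri`, then `http_bind_address`) for API calls, uses constructed documentation addresses in place of the masked 182.x.x.x and 214.x.x.x, and assumes each side can reach only its own address.

```python
from urllib.parse import urlparse

# Constructed stand-ins for the thread's masked addresses (182.x.x.x inside, 214.x.x.x outside).
INSIDE_IP, OUTSIDE_IP = "192.0.2.10", "198.51.100.10"
# Split-horizon DNS as described in the post: one name, a different answer per side.
DNS_VIEWS = {
    "inside": {"mygraylogserver.mydomain.com": INSIDE_IP},
    "outside": {"mygraylogserver.mydomain.com": OUTSIDE_IP},
}
# Assumption taken from the thread: each side can reach only its own address
# (no hairpin NAT for inside clients, no route to the inside address from outside).
REACHABLE = {"inside": {INSIDE_IP}, "outside": {OUTSIDE_IP}}

def parse_conf(text):
    """Parse key=value lines of server.conf, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def browser_api_uri(conf):
    """URI the browser is told to use: http_external_uri, else http_publish_uri."""
    uri = conf.get("http_external_uri") or conf.get("http_publish_uri")
    return uri or "http://%s/" % conf["http_bind_address"]

def sides_that_work(conf_text):
    """Return the sides whose browsers can reach the advertised API address."""
    host = urlparse(browser_api_uri(parse_conf(conf_text))).hostname
    working = []
    for side, view in DNS_VIEWS.items():
        address = view.get(host, host)  # IP literals resolve to themselves
        if address in REACHABLE[side]:
            working.append(side)
    return working

# Settings from the first reply, with IP literals (constructed addresses).
SUGGESTED = f"""
http_bind_address = {INSIDE_IP}:9000
http_publish_uri = http://{INSIDE_IP}:9000/
http_external_uri = http://{OUTSIDE_IP}:9000/
"""
# Settings from the post above: one hostname, http_external_uri left commented out.
WORKING = """
http_bind_address = mygraylogserver.mydomain.com:9000
http_publish_uri = http://mygraylogserver.mydomain.com:9000/
#http_external_uri =
"""
```

`sides_that_work(SUGGESTED)` reports only the outside, matching what the post describes, while `sides_that_work(WORKING)` reports both because each DNS view answers with the address that side can reach.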

Cool! Like I said, I’m clueless when it comes to firewalls and internal vs. external use so glad to see it works now :smiley: