Hi, i am making an input now. and when i put in 0.0.0.0 as binding address my input starts up. But ofcourse i want to use only 1 ip address from where the syslogs can come. when i do add an different address to the binding. it does not work and it gives failed.
What ip are you using, it is not a firewall which is what it soulds like you are saying with “can come from”, binding is what ip adress of the graylog machine it listens on, so it has to be one of the addresses on a local interface.
for my server where i want my syslogs be sent from. to my Graylog server. The server that send the syslogs is 192.168.1.252 and my grayslog server has 192.168.1.90. and i want to be able to onlyhave the 192.168.1.252 to send the ip to that input. and not having every possible ip there is let it send it.
so i want that 192.168.1.252 only can send to the input its meant for.
Then you need to use the system firewall to do that, graylog does not have an “allow list” for inputs.
ok thank you. i got another question about another topic. should i make an new topic?
But does that also mean that for every input i make there has to be an different port open? that means security wise if i want to log things like (exim, network traffic, windows security etc.) there all have to be ports open. instead of just 1 port.
Every input needs its own port, but an input can accept messages from as many devices as it needs to. So you can have one syslog port for 10 thousand switches and 500 routers. And then another input for beats that is collecting from 500 windows machines etc.
Okay. thanks for letting me know.