How to access Graylog with a public IP for geolocation? @gsmith


OK, I'm going to try to explain this to you as simply as I can. It's a must to understand what a public IP address is and where it comes from (i.e., devices, applications, etc.).

Public IP address
This is a unique, Internet-facing IP address assigned to your device by your ISP. A public address means it can be reached through the Internet.
On a shared network, attached devices may have their own private IP addresses, but when connecting through an Internet connection, they are converted to the public IP address assigned to the router.

Devices that have public IP addresses, and other devices/servers that can potentially have a public IP address:
Routers, firewalls (i.e., FortiGate, Cisco, etc.),
remote devices (i.e., outside your LAN), DNS servers, Active Directory servers, SQL servers, FTP server, VPN

Private IP address
Private (internal) addresses are not routed on the Internet, and no traffic can be sent to them from the Internet; they are only supposed to work within the local network. This is not used for GeoIP.

How to get Public IP addresses
Network devices like routers, switches, load balancers, intrusion protection systems, and more can output syslogs, which have a public IP address you can relay to Graylog.
If by chance you have an application and/or service that connects outside the LAN (beyond private addresses), and it can generate logs, you may be able to check those logs for a public IP address.

Microsoft Event Viewer may contain public IP addresses. You could check that and send them to Graylog.

Perhaps read over this post.

To be honest, this is NOT a Graylog issue; it is an "understand how the Internet/network works" issue.
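The public/private distinction in the reply above can be checked before any GeoIP lookup. The following is an added example, not part of the original post and not Graylog code: it pulls IPv4 addresses out of syslog-style lines and keeps only the globally routable ones. The log lines and the `srcip`/`dstip` field names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample syslog lines (not from a real device).
SAMPLE_LOGS = [
    "<134>Jan 10 12:00:01 fw01 action=accept srcip=192.168.1.25 dstip=8.8.8.8 dstport=53",
    "<134>Jan 10 12:00:02 fw01 action=deny srcip=1.1.1.1 dstip=10.0.0.5 dstport=22",
    "<134>Jan 10 12:00:03 fw01 action=accept srcip=172.16.4.9 dstip=192.168.1.1 dstport=443",
    "<134>Jan 10 12:00:04 fw01 action=deny srcip=100.64.0.7 dstip=127.0.0.1 dstport=80",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ips(line):
    """Return valid IP address objects found in a log line, in order."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
    return found


def geoip_candidates(line):
    """Addresses worth a GeoIP lookup: globally routable ones only."""
    return [str(ip) for ip in extract_ips(line) if ip.is_global]


def summarize(lines):
    """Map each line index to (public, non_public) address lists."""
    result = {}
    for i, line in enumerate(lines):
        ips = extract_ips(line)
        public = [str(ip) for ip in ips if ip.is_global]
        other = [str(ip) for ip in ips if not ip.is_global]
        result[i] = (public, other)
    return result


if __name__ == "__main__":
    for idx, (public, other) in summarize(SAMPLE_LOGS).items():
        print(f"line {idx}: geoip-eligible={public} skipped={other}")
```

Using `is_global` rather than `not is_private` also excludes ranges such as carrier-grade NAT (100.64.0.0/10), which are not RFC 1918 private addresses but still have no meaningful geolocation.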


