Hi all,
So I have set up a Graylog log server. It has been working great for devices that are on the same subnet the server resides on, 10.0.3.0/24. The Graylog server’s IP is 10.0.3.253. I also have the following subnets, 10.0.1.0/24, 10.0.4.0/24 and 10.0.5.0/24, with devices that I would like to send syslog traffic to my Graylog server (10.0.3.253).
I haven’t been able to successfully set up cross-subnet communications for the logs myself (I can access the web interface from the other subnets just fine). On my inputs page I have the following:
On the input that’s labeled “Watchguard-Test-Syslog” I am not getting any throughput metrics. That device resides on the 10.0.5.0/24 network. I am able to access Graylog’s web interface just fine from the 10.0.5.0/24 network.
In my server.conf file I have the following set:
is_master = true
rest_listen_uri = http://10.0.3.253:9000/api/
rest_transport_uri = http://10.0.3.253:9000/api/
web_enable = true
web_listen_uri = http://10.0.3.253:9000/
elasticsearch_hosts = http://10.0.3.253:9200
I feel like I am missing something simple but I haven’t been able to figure out why I can get log traffic to be sent across the subnets. All other traffic can transit the subnets just fine. Any suggestions or help would be appreciated. I can provide more information if needed.
Thanks