Sending Syslog messages to Graylog across subnets?


Hi all,

So I have setup a Graylog log server. It has been working great for devices that are on the same subnet the server resides on The Graylog’s server ip is I also have the following subnets, and with devices I would like to send syslog traffic to my Graylog server (

I haven’t been able to successfully setup cross subnet communications for the logs myself (I can access the web interface from the other subnets just fine). On my inputs page I have the following:

On the input that’s labeled “Watchguard-Test-Syslog” I am not getting any throughput metrics. That devices resides on the network. I am able to access Graylog’s web interface just fine from the network.

In my server.conf file I have the following set:

is_master = true
rest_listen_uri =
rest_transport_uri =
web_enable = true
web_listen_uri =
elasticsearch_hosts =

I feel like I am missing something simple but I haven’t been able to figure out why I can get log traffic to be sent across the subnets. All other traffic can transit the subnets just fine. Any suggestions or help would be appreciated. I can provide more information if needed.



It depends on how are subnets interconnected - are they on the same layer 2 network or connected using router. If router, it must forward udp port 55515 from client network to graylog network. If the same L2 network, client should know about graylog server subnet, i.e. additional IP address from this subnet should be configured on client’s ethernet interface.


So your message actually prompted me to try one other thing…the other subnets are in different geographical locations that I have connected to the main router via a Branch Office VPN. So all I had to do get them to connect to the Graylog server was allow the tunnel network access to the graylog server and my inputs started receiving messages…Thanks for prompting that thought process.

(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.