I have been tasked with building out a Graylog2 cluster solution at my company and it has been going very well but need some help with the best way to handle a rather complex alert.
We have roughly1500 Windows computers with 4 at roughly 400 locations on their own private networks. They are locked down so that they can only communicate with specific IP addresses listed in a firewall that is at each location. All the firewalls are of the same make and model if that helps. I do not need assistance with communication to each location as that is already working. What I want to do is create an alert so that if one of the computers attempts to communicate outside of the approved IP network I get an alert. -------------------------------------------------------------------------------------------------------------------------------------------------- Example: Location has an IP network of 192.168.1.0 PC attempts to communicate with an IP address outside of the IP range of 192.168.1.1-10 If the PC attempts to connect to an IP of say 172.17.1.1 or any other not approved I receive an alert. -------------------------------------------------------------------------------------------------------------------------------------------------- Generally this is not an issue but security is a top priority and there have been times where a tech plugs in something where he/she shouldn't or an employee does the same. I have been successful in setting up quite a few alerts and they work great but I want to make certain I do this in the best possible way without it being too complex if possible. What would be the best way of handling a condition like this? Thanks in advance for any suggestions, Tom -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0e029699-f35e-4c0d-83c6-8d23d0c0e426%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
