I have been tasked with building out a Graylog2 cluster solution at my 
company and it has been going very well, but I need some help with the best 
way to handle a rather complex alert.

We have roughly 1500 Windows computers with 4 at roughly 400 locations on 
their own private networks. They are locked down so that they can only 
communicate with specific IP addresses listed in a firewall that is at 
each location. All the firewalls are of the 
same make and model if that helps. I do not need assistance with 
communication to each location as that is already working.

What I want to do is create an alert so that if one of the computers 
attempts to communicate outside of the approved IP network I get an alert.

--------------------------------------------------------------------------------------------------------------------------------------------------
Example:

Location has an IP network of 192.168.1.0
PC attempts to communicate with an IP address outside of the IP range of 
192.168.1.1-10
If the PC attempts to connect to an IP of say 172.17.1.1 or any other not 
approved I receive an alert.
--------------------------------------------------------------------------------------------------------------------------------------------------

Generally this is not an issue but security is a top priority and there 
have been times where a tech plugs in something where he/she shouldn't or 
an employee does the same.
I have been successful in setting up quite a few alerts and they work great 
but I want to make certain I do this in the best possible way without it 
being too complex if possible.

What would be the best way of handling a condition like this?

Thanks in advance for any suggestions,

Tom
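
Added example (not part of Tom's message and not Graylog code): the alert condition described above, written as a stand-alone Python check over firewall log lines. The location id, the key=value log format and all function names are assumptions made for illustration; only the 192.168.1.1-10 range and the 172.17.1.1 destination come from the post. Unknown locations and unparseable destinations raise an alert rather than passing silently.

```python
import ipaddress
import re

# Assumption: approved destinations per location, keyed by a hypothetical
# location id. The range mirrors the 192.168.1.1-10 example in the post.
APPROVED = {"loc-001": [("192.168.1.1", "192.168.1.10")]}

# Constructed key=value firewall lines; not the format of any real product.
SAMPLE_LOGS = [
    "loc=loc-001 src=192.168.1.21 dst=192.168.1.5 dport=443 action=allow",
    "loc=loc-001 src=192.168.1.21 dst=172.17.1.1 dport=445 action=deny",
    "loc=loc-001 src=192.168.1.22 dst=192.168.1.11 dport=80 action=deny",
    "loc=loc-999 src=10.0.0.5 dst=10.0.0.1 dport=53 action=allow",
    "loc=loc-001 src=192.168.1.23 dst=not-an-ip dport=80 action=deny",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def build_allowlist(approved):
    """Expand first-last ranges into CIDR networks for membership tests."""
    return {
        loc: [net for first, last in ranges
              for net in ipaddress.summarize_address_range(
                  ipaddress.ip_address(first), ipaddress.ip_address(last))]
        for loc, ranges in approved.items()
    }

def check_line(line, allowlist):
    """Return None if the destination is approved, else an alert dict."""
    fields = dict(FIELD_RE.findall(line))
    loc, dst = fields.get("loc"), fields.get("dst")
    if loc not in allowlist:
        # Fail closed: a location with no allowlist is itself worth an alert.
        return {"reason": "unknown_location", "loc": loc, "dst": dst}
    try:
        addr = ipaddress.ip_address(dst)
    except (ValueError, TypeError):
        return {"reason": "unparseable_dst", "loc": loc, "dst": dst}
    if any(addr in net for net in allowlist[loc]):
        return None
    return {"reason": "dst_not_approved", "loc": loc,
            "src": fields.get("src"), "dst": dst}

def find_alerts(lines, approved=APPROVED):
    """Evaluate every log line and keep only the ones that should alert."""
    allowlist = build_allowlist(approved)
    return [a for a in (check_line(l, allowlist) for l in lines) if a]
```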
