I have been tasked with building out a Graylog2 cluster solution at my company and it has been going very well, but I need some help with the best way to handle a rather complex alert.

We have roughly 1,500 Windows computers, with 4 at each of roughly 400 locations on their own private networks. They are locked down so that they can only communicate with specific IP addresses listed in a firewall that is at each location. All the firewalls are of the same make and model, if that helps. I do not need assistance with communication to each location, as that is already working. What I want to do is create an alert so that if one of the computers attempts to communicate outside of the approved IP network I get an alert.

Example:
- Location has an IP network of 192.168.1.0
- PC attempts to communicate with an IP address outside of the IP range of 192.168.1.1-10
- If the PC attempts to connect to an IP of say 172.17.1.1, or any other not approved, I receive an alert.

Generally this is not an issue, but security is a top priority and there have been times where a tech plugs in something where he/she shouldn't, or an employee does the same. I have been successful in setting up quite a few alerts and they work great, but I want to make certain I do this in the best possible way without it being too complex, if possible. What would be the best way of handling a condition like this?

Thanks in advance for any suggestions,
Tom

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0e029699-f35e-4c0d-83c6-8d23d0c0e426%40googlegroups.com.
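The check Tom describes, written out as an added example that is not part of the post or of Graylog itself: each location has an approved set of destination addresses, every firewall log line is parsed for its location and destination, and any line whose destination falls outside that location's approved set is flagged. The log format (`key=value` pairs with `fw=`, `src=`, `dst=`), the location identifiers, and the policy table are all constructed for the example; in a Graylog deployment the same logic would live in a pipeline rule backed by a lookup table or in an alert condition on an enriched field.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed per-location policy: location id -> approved destination specs.
# A spec may be a single address, CIDR notation, or a dash-separated range.
# The real policy would be exported from the per-location firewall config.
APPROVED_DESTINATIONS: Dict[str, List[str]] = {
    "loc042": ["192.168.1.1-192.168.1.10", "10.0.0.5"],
    "loc107": ["192.168.1.1-192.168.1.10"],
}

# Matches key=value tokens in the constructed log format.
_LINE_RE = re.compile(r"(?P<key>\w+)=(?P<value>\S+)")


def _expand_spec(spec: str) -> List[ipaddress.IPv4Network]:
    """Turn one policy entry into a list of networks for membership tests."""
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(spec, strict=False)]


def compile_policy(policy: Dict[str, List[str]]) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Pre-expand every location's specs so each log line is a cheap lookup."""
    return {loc: [n for spec in specs for n in _expand_spec(spec)]
            for loc, specs in policy.items()}


def parse_line(line: str) -> Dict[str, str]:
    """Parse key=value pairs from a firewall log line (constructed format)."""
    return {m.group("key"): m.group("value") for m in _LINE_RE.finditer(line)}


def is_approved(dst: str, networks: List[ipaddress.IPv4Network]) -> bool:
    """True if the destination address lies inside any approved network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in networks)


def find_violations(lines: List[str], policy: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Return the parsed fields of every line that should raise an alert.

    A line is flagged when its destination is outside the location's approved
    set, or when the location is unknown to the policy (a PC or firewall that
    reports under an unexpected id is itself worth an alert)."""
    compiled = compile_policy(policy)
    violations: List[Dict[str, str]] = []
    for line in lines:
        fields = parse_line(line)
        loc, dst = fields.get("fw"), fields.get("dst")
        if not loc or not dst:
            continue  # malformed line: cannot be evaluated against policy
        networks = compiled.get(loc)
        if networks is None:
            violations.append({**fields, "reason": "unknown location"})
        elif not is_approved(dst, networks):
            violations.append({**fields, "reason": "destination not approved"})
    return violations


# Constructed sample log lines, not real firewall output.
SAMPLE_LOG = [
    "ts=2019-11-04T10:00:01Z fw=loc042 src=192.168.1.20 dst=192.168.1.5 action=allow",
    "ts=2019-11-04T10:00:02Z fw=loc042 src=192.168.1.20 dst=172.17.1.1 action=deny",
    "ts=2019-11-04T10:00:03Z fw=loc107 src=192.168.1.21 dst=192.168.1.11 action=deny",
    "ts=2019-11-04T10:00:04Z fw=loc999 src=192.168.1.22 dst=192.168.1.2 action=allow",
    "garbage line without fields",
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG, APPROVED_DESTINATIONS):
        print(v["fw"], v["src"], "->", v["dst"], v["reason"])
```

The check deliberately ignores the firewall's own `action` field: comparing the destination against the approved list regardless of whether the firewall allowed or denied the packet catches both a PC probing outside its range and a firewall rule that was left too permissive, which is the second failure mode a tech plugging in the wrong cable tends to produce.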
