bernd
commented
1 year ago @pradeepgunsgmail Graylog is taking the source address from the UDP packets it receives. Unfortunately, a known issue is that Docker is modifying the source address of UDP packets.
See the following issue for details: https://github.com/moby/moby/issues/16720#issuecomment-444862701
There is nothing we can do about it, sorry.
I’ve successfully deployed graylog cluster using docker. I’ve pointed few network devices to test netflow data and source address is always fill with docker internal IP instead of real network device IP. Please help me to resolve this.