diff --git a/config-parts/firewall-ipv4.sh b/config-parts/firewall-ipv4.sh
index d4f708a..1cc0252 100644
--- a/config-parts/firewall-ipv4.sh
+++ b/config-parts/firewall-ipv4.sh
@@ -221,9 +221,9 @@ set firewall ipv4 name local-servers rule 100 description 'Rule: accept_k8s_api'
 set firewall ipv4 name local-servers rule 100 destination port '6443'
 set firewall ipv4 name local-servers rule 100 protocol 'tcp'
 set firewall ipv4 name local-servers rule 200 action 'accept'
-set firewall ipv4 name local-servers rule 200 description 'Rule: accept_vector_syslog'
-set firewall ipv4 name local-servers rule 200 destination group address-group 'k8s_vector_aggregator'
-set firewall ipv4 name local-servers rule 200 destination port '6001'
+set firewall ipv4 name local-servers rule 200 description 'Rule: accept_graylog_syslog'
+set firewall ipv4 name local-servers rule 200 destination group address-group 'graylog'
+set firewall ipv4 name local-servers rule 200 destination port '1514'
 set firewall ipv4 name local-servers rule 200 protocol 'tcp'
 set firewall ipv4 name local-servers rule 999 action 'drop'
 set firewall ipv4 name local-servers rule 999 description 'Rule: drop_invalid'
diff --git a/config-parts/firewall.sh b/config-parts/firewall.sh
index ab0488f..c566657 100644
--- a/config-parts/firewall.sh
+++ b/config-parts/firewall.sh
@@ -13,7 +13,7 @@ set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worke
 set firewall group address-group k8s_api address '10.5.0.2'
 set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
 set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
-set firewall group address-group k8s_vector_aggregator address '10.45.0.2'
+set firewall group address-group graylog address '10.1.1.5'
 set firewall group address-group nas address '10.1.1.11-10.1.1.12'
 set firewall group address-group unifi_devices address '10.1.0.11'
 set firewall group address-group unifi_devices address '10.1.0.12'
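Review bot: Rule 200 of `local-servers` in config-parts/firewall-ipv4.sh still matches `protocol 'tcp'` (the unchanged context line right after the new port), while the syslog target added in config-parts/system.sh sends with `protocol 'udp'` to the same port 1514. Assuming `local-servers` is the policy that covers traffic from the router itself to the servers network, the syslog datagrams would not match this accept rule and fall through to the ruleset's default action, which is not visible in this hunk; if that is drop, log forwarding fails without any error on the router. Either change the rule to `set firewall ipv4 name local-servers rule 200 protocol 'udp'` (or `'tcp_udp'`), or switch the syslog host to `protocol 'tcp'`, which also fits the `octet-counted` framing chosen there.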
diff --git a/config-parts/service-dhcp_server.sh b/config-parts/service-dhcp_server.sh
index 33fc9a2..9b2eba5 100644
--- a/config-parts/service-dhcp_server.sh
+++ b/config-parts/service-dhcp_server.sh
@@ -37,6 +37,10 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 name-serv
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
+# Logging
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard ip-address '10.1.1.5'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard mac-address 'a0:42:3f:2f:a9:69'
+
 # NAS
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
diff --git a/config-parts/system.sh b/config-parts/system.sh
index 98121c5..032a899 100644
--- a/config-parts/system.sh
+++ b/config-parts/system.sh
@@ -19,3 +19,9 @@ set system task-scheduler task backup-config crontab-spec '30 0 * * *'
 set system task-scheduler task backup-config executable path '/config/scripts/custom-config-backup.sh'
 set system time-zone 'America/Chicago'
+
+# Syslog to graylog
+set system syslog host 10.1.1.5 facility kern level 'warning'
+set system syslog host 10.1.1.5 protocol 'udp'
+set system syslog host 10.1.1.5 port '1514'
+set system syslog host 10.1.1.5 format 'octet-counted'
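Review bot: In config-parts/system.sh only `facility kern level 'warning'` is forwarded to 10.1.1.5, so authentication and daemon messages (for example SSH logins) stay on the router alone and are not available in Graylog if the local logs are lost or altered. If kernel-only forwarding is intended, a comment such as `# kern only: firewall log entries` would record that; otherwise add a line like `set system syslog host 10.1.1.5 facility auth level 'info'`. Separately, `format 'octet-counted'` is RFC 6587 stream framing and is normally paired with TCP, so with `protocol 'udp'` it is probably unnecessary and the receiving input may not parse the messages as expected. UDP delivery is also unauthenticated and lossy, which is worth noting in the `# Syslog to graylog` comment if it is an accepted trade-off on this network.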