This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iView show no content, port 514 in firewall

I've configured a VM with iView, everything is correctly installed. Nothing changed in the setup, all set to "Any" source.

But my iView page on :8000 is empty.
SYSLOG info is send from several sources, but these connections end up in the firewall logs from the iView server. On the config page there's no option to set firewall rules for the machine.

Am I missing something?

The firewall log is not accessable from the interface, so i've looked it up from CLI -> /var/logs/packetfilter.log:

2015:01:18-13:19:41 iview ulogd[4172]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="X:X:X:X:X:X" dstmac="X:X:X:X:X:X" srcip="#.#.1.1" dstip="#.#.1.6" proto="17" length="203" tos="0x00" prec="0x00" ttl="64" srcport="54204" dstport="514"

This thread was automatically locked due to age.

0 AzRoN over 9 years ago

In the iView Configuration Webdmin (4444) in Management > iView Logging & Reporting

You have two distinctive sections.

- Allowed Networks

- Remote Syslog Server

Allowed network is where you define your allowed networks that are allowed to ACCESS the iView reporting interface!

Remote Syslog server is a bit misleading, you have the SYSLOG port, 514 (UDP) however, the ALLOWED DEVICES should have an entry of what foreign Networks/DEVICES will be allowed to send SYSLOG data.

If this doesn't help, in the iView Reporting interface go to:

SYSTEM > CONFIGURATION > DEVICE

Do you see an entry for any of your foreign UTMs? If not try ADDING THEM here and set them as active.

==

When in doubt, Script it out.
Cancel
Vote Up 0 Vote Down

Cancel
0 rheptor over 9 years ago

Hi azron,

Thanks for you input. I've installed the VM in KVM for the fifth time and now it is working.
I have absolutely no idea what went wrong.
Cancel
Vote Up 0 Vote Down

Cancel