This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.403-4 : Remote Syslog Server not sending data

Hi,

I configured the syslog server to send the Firewall log data to a server on udp port 514.

Using Kiwi Syslog Server to capture the data.

I could not see any data arriving, so i installed wireshark to check the traffic. Wireshark shows no traffic arriving on udp port 514. The firewall on the server has been switched off to make sure it is not interfering with anything.

I tried on a tcp port, with the same result. It seems the UTM is not sending the data. The System Log shows the following:

2016:07:04-07:34:04 mail syslog-ng[4971]: Syslog connection established; fd='67', server='AF_INET(MyServerIP:514)', local='AF_INET(0.0.0.0:0)'

2016:07:04-07:34:04 mail syslog-ng[4971]: Configuration reload request received, reloading configuration;

I also tried a config where i used the ip address and not the server name (just in case dns was serving an incorrect ip).

Any ideas?

This thread was automatically locked due to age.

0 sachingurung over 8 years ago

Hi,

Please post the syslog configuration screenshot. What information does TCPDUMP capture? Does UTM forwards data on the configured port? Is there a firewall rule configured in UTM to forward the traffic on specific port?

Please refer: https://community.sophos.com/kb/en-US/121397.

I also recommend you to give a try to our reporting software iView which offers free reporting till 100 GB!! Check it here.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel