Article Number
000039769
Applies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.3.X and above
Platform: CentOS
O/S Version: 7
Issue
While configuring port 514 or 6514 on the Local Log Collector -> Config -> Event Sources -> Syslog/Config page, the UI shows an error.
Task
This error is expected because ports 514 and 6514 are used by the LogDecoder service.
Refer to page 103 of the Collector Configuration Guide for the following note.
Note: For local LogCollectors, you cannot create syslog listeners on ports 514 and 6514. These ports are used by the LogDecoder service.
Resolution
There is no need to configure ports 514 and 6514 in the Local Log Collector because they are already open for the LogDecoder. If event sources are configured to send on these ports, the events will be processed automatically.
To test syslog functionality, run the following command on the LogDecoder:
echo "<10> Mar 1 17:34:53 Test">/dev/udp/127.0.0.1/514
Then verify on the Navigate page that this event appears with device.ip=127.0.0.1
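
A way to confirm which process already holds a port before adding a syslog listener, plus a scripted form of the test message above. This is an added example, not part of the RSA article or product; the function names and the sample `ss` lines (including the process names in them) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not RSA code. Sample socket lines below are constructed.

# Report "proto port process" for every listening socket bound to one of the
# given ports. Expects `ss -H -lntup` output on stdin.
listeners_on() {
  awk -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
    {
      port = $5; sub(/.*:/, "", port)        # Local Address:Port -> port
      if (!(port in ports)) next
      proc = "unknown"                       # ss hides owners without root
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print $1, port, proc
    }'
}

# Build a test line in the same shape as the article's command:
# "<PRI> Mon D HH:MM:SS text", where PRI = facility * 8 + severity.
build_test_msg() {
  printf '<%d> %s %s\n' "$(( $1 * 8 + $2 ))" "$(date '+%b %e %H:%M:%S')" "$3"
}

# Send one line to the local syslog listener over UDP (bash /dev/udp).
send_test_msg() {
  build_test_msg "$1" "$2" "$3" > /dev/udp/127.0.0.1/514
}

# Constructed sample; the process names are assumptions for illustration.
sample_ss() {
  cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:514 0.0.0.0:* users:(("NwLogDecoder",pid=2101,fd=61))
tcp LISTEN 0 128 0.0.0.0:514 0.0.0.0:* users:(("NwLogDecoder",pid=2101,fd=62))
tcp LISTEN 0 128 [::]:6514 [::]:* users:(("NwLogDecoder",pid=2101,fd=63))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=980,fd=3))
tcp LISTEN 0 128 0.0.0.0:5140 0.0.0.0:*
EOF
}

sample_ss | listeners_on 514 6514
# On the appliance: ss -H -lntup | listeners_on 514 6514
#                   send_test_msg 1 2 "Test $(hostname)"
```

The `<10>` in the article's command is facility 1 (user) with severity 2 (critical), which is what `build_test_msg 1 2 Test` produces.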