https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987449#M43621 <P>If the syslog server is running with linux , you could use tcpdump command to make sure , is sourcefire not sending syslog , or the server syslog deamon not work?</P> <P></P> <P>if it's running with windows, you could use wireshark for&nbsp;&nbsp;figure out.&nbsp;</P> Mon, 05 Sep 2016 02:56:38 GMT Hoyeh Tsai 2016-09-05T02:56:38Z https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987448#M43620 <P><SPAN>Dears</SPAN></P> <P><SPAN>I have Cisco AMP 8150(5.4.0.1) + Virtual Firepower Management Center Data(5.4.0-763)</SPAN></P> <P><SPAN>When I apply to device,and complete. my syslog server s</SPAN><SPAN><SPAN>uccess received log.</SPAN></SPAN></P> <P><SPAN>But <SPAN>short time</SPAN>,mybe 1min,10min,30min...my syslog server not <SPAN>received log.</SPAN></SPAN></P> <P><SPAN>untill I apply to device and complete again......</SPAN></P> <P><SPAN>Please HELP Me....</SPAN></P> <P><SPAN>Thanks a lot </SPAN></P> <P><SPAN>&nbsp;<IMG src="http://i.imgur.com/E6pfov3.png" alt="" height="296" width="1039" /></SPAN></P> <P><SPAN><IMG src="http://i.imgur.com/B8dnrms.png" alt="" height="396" width="1039" /></SPAN></P> <P><SPAN><IMG src="http://i.imgur.com/qDSSy4z.png" alt="" height="491" width="1039" /></SPAN></P> <P><SPAN><IMG src="http://i.imgur.com/Dt5a4bN.png" alt="" height="478" width="1039" /></SPAN></P> <P><SPAN><IMG src="http://i.imgur.com/yCVn6No.png" alt="" height="453" width="1039" /></SPAN></P> <P><SPAN>&nbsp;</SPAN></P> Sun, 10 Mar 2019 13:40:35 GMT https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987448#M43620 Bill_Yang1227 2019-03-10T13:40:35Z https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987449#M43621 <P>If the syslog server is running with linux , you could use tcpdump command to make sure , is sourcefire not sending syslog , or the server syslog deamon not work?</P> <P></P> <P>if it's running with windows, you could use wireshark for&nbsp;&nbsp;figure out.&nbsp;</P> Mon, 05 Sep 2016 02:56:38 GMT https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987449#M43621 Hoyeh Tsai 2016-09-05T02:56:38Z https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987450#M43623 <P>In fact,I have two syslog.</P> <P>one syslog server run HP arcsight.</P> <P>another run 3CDaemon on windows is for test.</P> <P>Two syslog server <SPAN id="result_box" class="short_text" lang="en"><SPAN class="">situation</SPAN></SPAN> are same.....</P> <P></P> Mon, 05 Sep 2016 03:32:21 GMT https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987450#M43623 Bill_Yang1227 2016-09-05T03:32:21Z https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987451#M43624 <P>Could you see the log from connection and intrusion analysis?&nbsp;</P> <P>if it work , accroding to your pic, i think your are config fine.&nbsp;</P> <P></P> <P>just make sure you've deploy the policy ,&nbsp;and no firewall between sensor and syslog server,</P> <P>or open nessery port.</P> <P></P> <P>if you do so , and still no log, i think you should open a case for troubleshooting.</P> Tue, 06 Sep 2016 02:59:56 GMT https://community.cisco.com/t5/network-security/sourcefire-s-log-didn-t-send-to-syslog-server/m-p/2987451#M43624 Hoyeh Tsai 2016-09-06T02:59:56Z