Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1039
Views
0
Helpful
1
Replies

ESA C690 | Log Error: Subscription antivirus: Network error

John
Level 1
Level 1

‎02-08-2017 06:20 AM

We have experience The Critical message.

Log Error: Subscription antivirus: Network error while sending log data to syslog server 10.13.23.23 (10.13.23.23) Connection refused

Labels:
0 Helpful
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎02-08-2017 06:39 AM

Hi John,

The errors indicate that there is either a firewall or Intrusion Prevention System (IPS) that blocks access to the syslog server at the IP Address.

If all devices in-between have been examined and confirmed in order to allow the traffic, then this could also mean that the syslog server is too busy and refused the connections.

When the ESA is configured to send a log file to a syslog server, then by default it will use the UDP syslog port 514 unless configured to use TCP. Once the appliance is configured, the only thing that causes the connection to be listed as refused is if it receives packets that close the connection when it is opened.

Thanks!
Libin Varghese

0 Helpful
Customers Also Viewed These Support Documents