Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1882
Views
0
Helpful
1
Replies

Using syslog UDP connection errors

David Owens
Level 1
Level 1

‎03-20-2012 12:23 PM

We recently implemented a syslog UDP delivery of several of our ESA logs to our security group for evaulation.  We are consistently getting this error message regarding these deliveries.  UDP should be basically be a blind connection - why would the IronPort reporting these errors?  Cisoc C670 ver 7.5.1-102 O/S

If this is expected behavior then what other options would you recommend?

Log Error: Subscription ISIS_MX_Mail_Logs: Network error while sending log data to syslog server 162.131.217.11 (162.131.217.11): [Errno 61] Connection refused

Labels:
0 Helpful
1 Reply 1

RSteveKadish
Level 1
Level 1

‎03-20-2012 12:30 PM

I have the same issue.  However, it's only a few alerts per day, and it does seem like the syslog messages are being recieved by the SIEM.  I'd also be interested in knowing what's behind the "connection refused" alerts. 

0 Helpful
Customers Also Viewed These Support Documents