Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1107
Views
0
Helpful
3
Replies

Sourcefire 's log didn't send to syslog server

Bill_Yang1227
Level 1
Level 1

‎09-01-2016 08:15 AM - edited ‎03-10-2019 06:40 AM

Dears

I have Cisco AMP 8150(5.4.0.1) + Virtual Firepower Management Center Data(5.4.0-763)

When I apply to device,and complete. my syslog server success received log.

But short time,mybe 1min,10min,30min...my syslog server not received log.

untill I apply to device and complete again......

Please HELP Me....

Thanks a lot

 

 

Labels:
0 Helpful
3 Replies 3

Hoyeh Tsai
Level 1
Level 1

‎09-04-2016 07:56 PM

If the syslog server is running with linux , you could use tcpdump command to make sure , is sourcefire not sending syslog , or the server syslog deamon not work?

if it's running with windows, you could use wireshark for  figure out. 

0 Helpful

Bill_Yang1227
Level 1
Level 1
In response to Hoyeh Tsai

‎09-04-2016 08:32 PM

In fact,I have two syslog.

one syslog server run HP arcsight.

another run 3CDaemon on windows is for test.

Two syslog server situation are same.....

0 Helpful

Hoyeh Tsai
Level 1
Level 1
In response to Bill_Yang1227

‎09-05-2016 07:59 PM

Could you see the log from connection and intrusion analysis? 

if it work , accroding to your pic, i think your are config fine. 

just make sure you've deploy the policy , and no firewall between sensor and syslog server,

or open nessery port.

if you do so , and still no log, i think you should open a case for troubleshooting.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card