I have a 3600 router on one side of a Pix firewall, tring to send the syslog file to a sensor on the other side of the firewall. The sensor is on a network that is unroutable and needs a spoof address on the Pix.
I can see the router logging access list violations but nothing is being sent to the sensor. I have the spoof address as the sensor's data source, I have also tried the actual ip of the router. The Pix is configured to allow the traffic from one to the other.
The router logging is set on, and is logging to the spoof address. The data source of the Sensor is also the spoof address. I am currently runing the latest updates to the sensor and Director. Am I missing something?