This article applies to:
- Firewall Suite 4.X
- Syslog Forwarding Agent
Question:
How do I troubleshoot the Syslog Forwarding Agent?
Procedure:
Server Side
- Make any necessary modifications to the syslog output (in the case of firewalls that do not maintain logs), or make sure that the forwarding agent is set up and running on the firewall (in the case of firewalls that are forwarding the logs they create).
- If you are using the forwarding agent with a recent version of Raptor, be sure the vulture process is not killing the service. Check the services control panel to ensure that the log file forwarding agent is running.
- Also, be sure that a rule exists on the firewall permitting the Firewall Suite machine to access port 514 via the UDP protocol.
- Make sure to restart the firewall service after making changes; sometimes, only a reboot will resynchronize the services and daemons.
Firewall Suite Side:
- Log on as administrator. Delete the IP_Address directory found under the following directory:
- Clear all profiles. Reboot the machine. Verify that the Syslog Service has stopped or is non-existent in the control panel.
- Recreate a Firewall Suite profile choosing Syslog when prompted, and using all other defaults. Verify that the service starts in the Control Panel.
- Verify that the IP_Address directory contains log files that are being updated.
Please refer to the Firewall Configuration Guide for more information:
- This article was previously published as:
- NETIQKB343