Hi All

My problem is as follows:

Recently the customer changed their firewall from Cisco PIX (7.0) to ASA (8.4).
The Sentinel Collector is Cisco Firewall 6.1r2, and the connector is Syslog 6r10.
When the ASA installation was complete, Sentinel could receive ASA events, but
the ASA event source suddenly went down last night at 23:55, and an event source
was automatically created (CreateEventSource) in another Collector (trendmicro).
I delete the newly created event source, and a few seconds later it is
automatically created again in the same Collector (trendmicro). In the ASA
Collector, the event source cannot receive any raw data from the ASA (the ASA
Collector, Syslog connector, event source server and event source are all up
with no errors); only in the Collector (trendmicro) event source can I see the
ASA sending raw data. I do not know why. Can someone help me fix this problem?

The Sentinel log is as follows:
Sentinel Syslog 連接器伺服器(event
source server ) Syslog server_514 (ID
new event source): Output (universal)

davidyang888888's Profile: https://forums.netiq.com/member.php?userid=4716
View this thread: https://forums.netiq.com/showthread.php?t=47438