Hi All

My problem as follow;

recently Customer change Firewall from cisco pix(7.0) to ASA(8.4) .
Sentinel Collector is Cisco Firewall 6.1r2 , connector is syslog 6r10 .
when ASA install completely Sentinel can receiver ASA event , but Event
source ASA suddenly down last night at 23:55 and CreateEventSource in
other Collector(trendmicro) automatically . I delete new create event
source and a few second it will automatically create it in the same
collector (trendmicro) , in the ASA collector Event source can not
receiver any raw data from ASA (all of ASA Collector , syslog connector
, event source server , event source are up and no error ) , only in the
Collector(trendmicro) Event Source can watch ASA sending raw data . I do
not know why . someone can help me to fix this problem .

the sentinel log as follow
Sentinel Syslog 連接器伺服器(event
source server ) Syslog server_514 (ID
C84862D0-463C-102F-A65D-ADBDDA20BDF3)
已建立新的事件來源(created
new event source):10.254.254.253:Syslog:Map Output (universal)
(ID=45D1B4A4-79EE-1030-9C46-0018717427DA),收集器與事件來源群組已存在。EMPTYTZ;
reqId(45D1B4A4-79EE-1030-A2B6-0018717427DA)


--
davidyang888888
------------------------------------------------------------------------
davidyang888888's Profile: https://forums.netiq.com/member.php?userid=4716
View this thread: https://forums.netiq.com/showthread.php?t=47438