I have a firewall sending UDP syslog traffic to a collector manager. I
can see the traffic is received by doing tcpdump. The traffic is on
UDP/514 port as I checked the config, firewall rules and the tcpdump
with filters.

Event source is GREEN, indicating there is no error; however, there is no
data received in the Raw Data Tap screen, nor when I perform any searches
within Sentinel. The Status details screen says it's never received data
from the event source.

I recreated the (Generic) collector / connector / event source and the
event source server; however, it's the same issue. There are some other
firewalls that are working on UDP/514 port on the same collector.

Cannot see anything specific in the logs on the collector manager nor in
the Sentinel core logs.

Please help.


pimpalp's Profile: https://forums.netiq.com/member.php?userid=5587
View this thread: https://forums.netiq.com/showthread.php?t=52283