02-13-2020 11:11 PM
so 5220 - 9.0.5
I have a syslog client and syslog server.
the path goes through my PA.
I have a rule basically says any internal ip is allowed to the syslog server if the app it syslog
that doesn't work, the packets are too short for the PA to distinguish them .. sigh so add in unknown - udp .
now they go through.
next problem tcp syslog on port 514 - default for centos and rhel when using tcp
pa don't think syslog goes on port 514.
okay application override
I say any internal ip going to syslog server on tcp 514 . make it syslog application.
doesn't work . my session are still marked as unkown ... again i am guessing causes it too small.
WTF do you do .
I can see packets on both side. client and server .. and the client is trying to send the pa is not letting through.
FFS 🙂 sigh
any suggestions. I am thinking of just setting any app as long as its port 514 hopefully that will fix it