cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

PA syslog app id - problems

L4 Transporter

Hi

 

so 5220 - 9.0.5

 

I have a syslog client and syslog server.

the path goes through my PA.

I have a rule basically says any internal ip is allowed to the syslog server if the app it syslog 

 

that doesn't work, the packets are too short for the PA to distinguish them .. sigh so add in unknown - udp .

 

now they go through.

 

next problem tcp syslog on port 514 - default for centos and rhel when using tcp 

 

pa don't think syslog goes on port 514.

 

okay application override 

I say any internal ip going to syslog server on tcp 514 . make it syslog application.

 

doesn't work . my session are still marked as unkown ... again i am guessing causes it too small.

 

WTF do you do .

 

I can see packets on both side. client and server .. and the client is trying to send the pa is not letting through.

 

FFS 🙂 sigh

 

any suggestions. I am thinking of just setting any app as long as its port 514 hopefully that will fix it 

 

 

Who rated this post