I have an instance of Cisco Firepower Management Center running at version 6.6.4
It is set to send Audit logs as per the first section here:
https://forum.tufin.com/support/kc/late ... /12108.htm
I understand that by choosing "LOCAL7" as my Facility, the FMC should be shipping logs on UDP 514 to my Nagios instance at 10.75.2.45
I have then gone on to set the Nagios Server to listen on protected ports as in method 1 here:
https://assets.nagios.com/downloads/nag ... Server.pdf
I see no logs coming in, and I don't have a grip on what more I can check through to ~force~ a check.
I attempted to push the FMC toward a temporary syslog service setup, just to give it a sniff check, but I can't prove anything because UDP514 was already in use on that temporary box (by a security tool that I can't remove).
Is there anything I can check out on the NagiosLS VM that might prove that I'm able to listen on UDP514 after completing method 1?
J.
Cisco FMC Sending to NagiosLS 2.1.8 on UDP514 - no logs rec'
Re: Cisco FMC Sending to NagiosLS 2.1.8 on UDP514 - no logs
Hello @jdp
Thanks for reaching out, I see that the Cisco Firewall Management Center has an option to change the port (514) and change it to something like 5514 and save config.
Use tcpdump to see if you are receiving anything:
Example:
Thanks,
Perry
Thanks for reaching out, I see that the Cisco Firewall Management Center has an option to change the port (514) and change it to something like 5514 and save config.
Use tcpdump to see if you are receiving anything:
Example:
Code: Select all
tcpdump udp port 5514 -vvPerry