Cisco FMC Sending to NagiosLS 2.1.8 on UDP514 - no logs rec'
Posted: Mon Sep 20, 2021 1:28 pm
I have an instance of Cisco Firepower Management Center running at version 6.6.4.
It is set to send Audit logs as per the first section here:
https://forum.tufin.com/support/kc/late ... /12108.htm
I understand that by choosing "LOCAL7" as my Facility, the FMC should be shipping logs on UDP 514 to my Nagios instance at 10.75.2.45
I have then gone on to set the Nagios Server to listen on protected ports as in method 1 here:
https://assets.nagios.com/downloads/nag ... Server.pdf
I see no logs coming in, and I don't have a grip on what more I can check through to ~force~ a check.
I attempted to push the FMC toward a temporary syslog service setup, just to give it a sniff check, but I can't prove anything because UDP514 was already in use on that temporary box (by a security tool that I can't remove).
Is there anything I can check out on the NagiosLS VM that might prove that I'm able to listen on UDP514 after completing method 1?
J.