To use the on-box reporting service (cf reports), you must first enable the following components by entering the following commands:
cf daemond enable agent=auditsql
cf daemond enable agent=auditdbd
Note: The auditsql agent must be enabled before the auditdbd agent.
If you are not using the McAfee Firewall Enterprise on-box reporting tool, leave these agents disabled.
Audit output can be configured to trigger alerts using these tools:
• IPS Attack Responses (Monitor > IPS Attack Responses)
• System Responses (Monitor > System Responses)
Kiwi Syslog Server uses the following ports:
UDP Input - UDP 0.0.0.0:514 (default) (plus one Ephemeral port)
TCP Input - TCP 0.0.0.0:1468 (default)
SNMP Input - UDP 0.0.0.0:162 (default) for IPv4 and 163 (default) for IPv6
Secure TCP Input - TCP 0.0.0.0:6514 (default)
Syslog Service <-> Syslog Manager internal comms port - TCP 0.0.0.0:3300 (plus one Ephemeral port).
Web Access - TCP 0.0.0.0:8088 (default)
If no messages are being displayed to the screen or being logged:
• Check network connectivity by pinging from the sending device to the Syslog Server machine
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list)
• Disable any personal firewall software such as ZoneAlarm or BlackIce
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt
• Check that there is a "Display" action set up for the facility and level you are expecting to receive messages on.
• Send a test message to yourself by pressing Ctrl+T
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host).
• If you see messages appearing, the problem is with the router, switch or Unix box sending the Syslog messages.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server
• The device that is sending messages to you may not be including a priority code in its message. You can set a default priority to use from the Modifiers option of the Kiwi Syslog Server Setup window. To open the setup window use the File | Setup menu option from the main Kiwi Syslog Server window.
• If you are running a Cisco router and are not receiving messages, use the Logging source-interface command to specify an interface to log from. There is a bug in the Cisco IOS that causes invalid UDP checksums unless this command is specified.
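The loopback test and the missing-priority case from the checklist above, as an added example that is not part of the original answer or of Kiwi Syslog Server: a small UDP listener on 127.0.0.1 that decodes the `<PRI>` code into facility and severity and applies a default when the sender omitted it. The function names, the `default_pri` parameter and the sample datagrams are assumptions made for illustration.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def split_priority(datagram, default_pri=13):
    """Return (facility, severity, had_pri, body) for one syslog datagram.

    default_pri is this example's stand-in for the collector's default
    priority setting; 13 (user.notice) is the RFC 3164 value for a missing PRI.
    """
    m = PRI_RE.match(datagram)
    if m and int(m.group(1)) <= 191:       # facility 23 * 8 + severity 7 is the maximum
        pri, body, had_pri = int(m.group(1)), datagram[m.end():], True
    else:                                   # absent or out-of-range priority code
        pri, body, had_pri = default_pri, datagram, False
    return pri >> 3, pri & 7, had_pri, body.decode("utf-8", "replace")

def loopback_test(messages, timeout=2.0):
    """Send datagrams to a local UDP listener and parse what arrives."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))              # ephemeral port; a real collector uses 514
    rx.settimeout(timeout)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    results = []
    try:
        for msg in messages:
            tx.sendto(msg, rx.getsockname())
            data, _addr = rx.recvfrom(4096)
            results.append(split_priority(data))
    finally:
        tx.close()
        rx.close()
    return results

# Constructed sample datagrams (hostnames and text are made up).
SAMPLES = [
    b"<134>Oct 11 22:14:15 fw01 auditd: test message",     # local0.info
    b"Oct 11 22:14:15 router1 link up, no priority code",  # sender omitted PRI
]

if __name__ == "__main__":
    for fac, sev, had_pri, body in loopback_test(SAMPLES):
        origin = "from sender" if had_pri else "default applied"
        print(f"facility={fac} severity={SEVERITIES[sev]} ({origin}): {body}")
```

A message that decodes with `had_pri` false would only match a logging rule written for the default facility and level, which is why such senders can appear to log nothing.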
The default configuration allows the SSH server to listen on any burb where it is enabled without having to configure what addresses it should listen on. However, since Firewall Enterprise proxies, by definition, MUST perform a wildcard bind, the server and proxy cannot coexist in this state.