
NetWitness Local Log Collector syslog configuration fails as one or more fields are incorrect

Issue

While configuring ports 514 or 6514 on the Local Log Collector -> Config -> Event Sources -> Syslog/Config page, the UI shows the error below.

[Screenshot: 514sys]

Tasks

This error is expected because ports 514 and 6514 are already used by the LogDecoder service.
Refer to page 103 of the Collector Configuration Guide for the following note.

Note: For local LogCollectors, you cannot create syslog listeners on ports 514 and 6514. These ports are used by the LogDecoder service.

Resolution

There is no need to configure ports 514 and 6514 on the Local Log Collector, because they are already open for the LogDecoder. If event sources are configured to send on these ports, the events are processed automatically.

To test syslog functionality, run the command below on the LogDecoder.

echo "<10> Mar 1 17:34:53 Test">/dev/udp/127.0.0.1/514

Then verify on the Navigate page that this event appears with device.ip=127.0.0.1.
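
The test above, extended as an added example that is not part of the original article: it computes the PRI value, stamps the current time, and embeds a unique marker so the event is easy to find afterwards. The function names, the `nwtest` tag and the marker format are hypothetical, and the message uses the RFC 3164 layout rather than the article's shorter line.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# PRI = facility * 8 + severity (RFC 3164); the article's <10> is
# facility 1 (user-level) with severity 2 (critical).
syslog_pri() {
    local facility=$1 severity=$2 v
    for v in "$facility" "$severity"; do
        case "$v" in
            ''|*[!0-9]*) echo "facility and severity must be numbers" >&2; return 1 ;;
        esac
    done
    if [ "$facility" -gt 23 ] || [ "$severity" -gt 7 ]; then
        echo "facility must be 0-23 and severity 0-7" >&2
        return 1
    fi
    echo $(( facility * 8 + severity ))
}

# Build "<PRI>Mmm dd hh:mm:ss HOST TAG: MARKER" (RFC 3164 layout).
build_test_message() {
    local pri ts
    pri=$(syslog_pri "$1" "$2") || return 1
    ts=$(LC_ALL=C date '+%b %e %H:%M:%S')   # %e pads single-digit days with a space
    printf '<%s>%s %s nwtest: %s' "$pri" "$ts" "$(uname -n)" "$3"
}

# Send one tagged message over UDP and print the marker to search for.
# Defaults match the article: 127.0.0.1, port 514. /dev/udp needs bash.
send_test_syslog() {
    local host=${1:-127.0.0.1} port=${2:-514} marker msg
    marker="nw-syslog-test-$(date +%s)-$$"
    msg=$(build_test_message 1 2 "$marker") || return 1
    printf '%s\n' "$msg" > "/dev/udp/$host/$port" || return 1
    echo "$marker"
}

# Usage on the Log Decoder:  send_test_syslog
```

The printed marker can be used to pick out the test event among other traffic reported for device.ip=127.0.0.1.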

Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.3.X above
Platform: CentOS
O/S Version: 7

Summary

This document outlines the procedure for syslog ports configuration.

