NetWitness syslog collection over 6514 failing with unknown protocol during syslog TLS handshake
Issue
Syslog collection was enabled over TCP 6514 by following the Linux (Red Hat RHEL, Debian GNU, and Novell SuSE) Event Source Configuration Guide. The NetWitness Collector messages show the error below, and no event source logs are received.
/var/log/messages:
Jul 5 12:26:50 Dummyname NwLogCollector[23152]: [SyslogCollection] [failure] [syslog-tcp.tcp6514] [processing] unknown protocol during syslog TLS handshake
Cause
This error occurs because there are no SSL certificates.
Resolution
1. Navigate to the Remote Collector->Config->Event Sources->Syslog/Config page.
2. Select syslog-tcp and edit tcp6514 to uncheck SSL Receiver.
3. Stop and start Syslog Collection on the Remote Collector->System page.
4. On the Navigate page, verify that logs are received using the query device.ip=
Please see Configure Syslog Event Sources for more details.
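A check that can be run before changing the listener, added here as an example and not part of the original article or of NetWitness: it classifies the first bytes an event source sends to port 6514 (taken from a packet capture) as a TLS ClientHello or plain syslog. It assumes the handshake error is raised when the sender's first bytes are not a TLS handshake; the function names and sample payloads are constructed for illustration.

```python
import re

# Syslog PRI header "<0>" to "<191>", optionally preceded by an RFC 6587
# octet count ("47 <34>1 ...") used by some senders for syslog over TCP.
_SYSLOG_PRI = re.compile(rb"^(?:\d{1,5} )?<(\d{1,3})>")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a sender puts on the wire."""
    # TLS record header: content type 0x16 (handshake), version 3.x,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01):
        return "tls-client-hello"
    match = _SYSLOG_PRI.match(data)
    if match and int(match.group(1)) <= 191:
        return "plaintext-syslog"
    return "unknown"


def receiver_mismatch(ssl_receiver_enabled: bool, data: bytes) -> bool:
    """True when the sender's framing does not fit the listener setting."""
    kind = classify_first_bytes(data)
    if ssl_receiver_enabled:
        return kind != "tls-client-hello"
    return kind == "tls-client-hello"


# Constructed sample payloads (not captured from a real system).
SAMPLES = {
    "tls": bytes.fromhex("16030100c8010000c40303"),
    "rfc3164": b"<13>Jul  5 12:26:50 host1 sshd[411]: session opened\n",
    "rfc5424_counted": b"47 <34>1 2021-07-05T12:26:50Z host1 app - - - test",
    "http": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        kind = classify_first_bytes(payload)
        print(f"{name:16} {kind:18} mismatch_with_ssl_receiver="
              f"{receiver_mismatch(True, payload)}")
```

A payload classified as plaintext-syslog while SSL Receiver is checked is the mismatch this article resolves by unchecking SSL Receiver.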
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.1.0
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to fix unknown protocol errors so that syslog can be collected over port 6514.