ispcolohost
Contributor

Any trick to get alternative syslog port working?

Got FortiGate 200D with:

 

config log syslogd setting
    set status enable
    set server "192.0.2.1"
    set port 30000
end

 

Prior to adding the "set port 30000" it was working fine to standard port 514.  After adding, and confirming with tcpdump, it doesn't seem to be sending anything.

 

Thanks

emnoc
Esteemed Contributor III

Diag debug flow would be my first start, but before you do that, did you stop and restart the services? Are you running in VDOMs? Did you check the master and slave units?

 

e.g.

config log syslogd setting
    unset server
    set status disable
end

Wait a few seconds;

config log syslogd setting
    set server "192.0.2.1"
    set status enable
end

 


PCNSE NSE StrongSwan
ispcolohost

Hello, yep, did try removing and re-adding the config, but no change. These are an HA pair that are currently in sync. I do also have VDOMs but am not overriding at the VDOM level, so this is being done under 'config global'.

 

Via tcpdump, I noticed that if I 'set reliable enable' (which changes the port) and then change the port back to 30000, it begins attempting to log via TCP, but if I leave the port at 30000 without reliable set, it seems to not attempt to log anything.

ispcolohost

Ah please ignore, I was able to figure it out.  The rule to let the port 30k syslog UDP in was set wrong to TCP, so I've got it working now with the first example I posted.
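
A collector-side check for the UDP-versus-TCP mismatch resolved in this thread: it listens on both transports of one port and reports which one syslog actually arrives on. This is an added example, not code from any poster or from Fortinet; it assumes Python 3.8+ on the log collector, and the function names are hypothetical. Port 30000 is the one from the thread.

```python
import re, selectors, socket, time

# Optional RFC 6587 octet-count prefix (used by some TCP senders), then <PRI>.
PRI_RE = re.compile(rb"^(?:\d+ )?<(\d{1,3})>")

def parse_pri(data):
    """Return (facility, severity) from a syslog PRI header, else None."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def open_listeners(host, port):
    """Bind UDP and TCP sockets on the same port (port 0 picks a free one)."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, port))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp.bind((host, udp.getsockname()[1]))
    tcp.listen()
    return udp, tcp

def watch(udp, tcp, timeout=10.0, max_events=1):
    """Return [(transport, peer_ip, pri)] for traffic seen before timeout."""
    sel = selectors.DefaultSelector()
    sel.register(udp, selectors.EVENT_READ, "udp")
    sel.register(tcp, selectors.EVENT_READ, "tcp")
    events, deadline = [], time.monotonic() + timeout
    while len(events) < max_events and (left := deadline - time.monotonic()) > 0:
        for key, _ in sel.select(left):
            if key.data == "udp":
                data, peer = udp.recvfrom(65535)
            else:
                conn, peer = tcp.accept()
                conn.settimeout(2.0)  # do not hang on a silent connection
                try:
                    data = conn.recv(65535)
                except socket.timeout:
                    data = b""
                conn.close()
            events.append((key.data, peer[0], parse_pri(data)))
    sel.close()
    return events

if __name__ == "__main__":
    udp, tcp = open_listeners("0.0.0.0", 30000)  # port from the thread
    for transport, peer, pri in watch(udp, tcp, timeout=60, max_events=5):
        print(f"{transport} from {peer}: facility/severity={pri}")
```

If TCP events show up after 'set reliable enable' but UDP events never do without it, check the protocol on the rule that admits the port.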
