ProxySG & Advanced Secure Gateway

  • 1.  proxysg- unable to upload logs to Splunk syslog server

    Posted Nov 30, 2020 06:00 AM
    Hi Team,

    We are unable to upload the access logs to the Splunk syslog server.

    I have tried a test upload, but no logs were received at the syslog server end.

    --> configured Splunk log format
    --> created log file and mapped this Splunk log format
    --> custom upload and configured syslog server IP (log file TXT format)
    --> continuous upload (TCP port 514)

    Took a PCAP and found a FIN request from the proxy (10.169.4.111)
    Syslog server IP: 10.170.10.146



    Thanks,
    Ram


  • 2.  RE: proxysg- unable to upload logs to Splunk syslog server

    Posted Nov 30, 2020 06:31 AM
    Hi Ramkumar,

    Just because you are seeing the FIN from the proxy address (10.169.4.111) doesn't necessarily mean it is coming from there. You may want to check the source MAC address in frame 5 in case it belongs to a different device in the path.

    Regards
    Paul
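
The check suggested in reply 2, as an added example that is not part of the original thread: for every TCP FIN in a capture, report the source MAC and whether it matches the MAC seen on earlier frames from the same source IP. The IP addresses are the ones quoted in the thread; the MAC addresses, ports and frames are constructed for illustration, and the comparison is only meaningful within a single capture point.

```python
import struct

# IPs are the ones in the thread; MACs and frames are constructed for illustration.
PROXY_IP, SYSLOG_IP = "10.169.4.111", "10.170.10.146"
PROXY_MAC, OTHER_MAC, GW_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:fe"

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left at zero."""
    mac = lambda m: bytes(int(p, 16) for p in m.split(":"))
    ip4 = lambda a: bytes(int(p) for p in a.split("."))
    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def fin_senders(frames):
    """For each FIN: (frame_no, src_ip, src_mac, same MAC as earlier frames from that IP?)."""
    first_mac, hits = {}, []
    for no, f in enumerate(frames, 1):
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp_off = 14 + (f[14] & 0x0F) * 4
        if len(f) < tcp_off + 14:
            continue  # truncated before the TCP flags byte
        src_ip = ".".join(str(b) for b in f[26:30])
        src_mac = ":".join(f"{b:02x}" for b in f[6:12])
        first_mac.setdefault(src_ip, src_mac)
        if f[tcp_off + 13] & 0x01:  # FIN bit
            hits.append((no, src_ip, src_mac, src_mac == first_mac[src_ip]))
    return hits

SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
SAMPLE = [
    build_frame(PROXY_MAC, GW_MAC, PROXY_IP, SYSLOG_IP, 40000, 514, SYN),
    build_frame(GW_MAC, PROXY_MAC, SYSLOG_IP, PROXY_IP, 514, 40000, SYN | ACK),
    build_frame(PROXY_MAC, GW_MAC, PROXY_IP, SYSLOG_IP, 40000, 514, ACK),
    build_frame(PROXY_MAC, GW_MAC, PROXY_IP, SYSLOG_IP, 40000, 514, PSH | ACK),
    # Constructed frame 5: FIN carries the proxy's IP but a different source MAC.
    build_frame(OTHER_MAC, GW_MAC, PROXY_IP, SYSLOG_IP, 40000, 514, FIN | ACK),
]

if __name__ == "__main__":
    for no, ip, mac, same in fin_senders(SAMPLE):
        verdict = "matches" if same else "DIFFERS from"
        print(f"frame {no}: FIN from {ip}, src MAC {mac} {verdict} earlier frames")
```

A mismatch points at another device on the path sending the FIN on the proxy's behalf; a match, as reported later in the thread, moves the investigation back to the proxy's own upload configuration.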


  • 3.  RE: proxysg- unable to upload logs to Splunk syslog server

    Posted Nov 30, 2020 10:59 PM
    Hi Paul,

    The source MAC address is from the proxy only.

    Is there any other possibility to confirm what is causing this issue?

    Thanks,
    Ram


  • 4.  RE: proxysg- unable to upload logs to Splunk syslog server

    Posted Dec 01, 2020 04:26 AM
    Hi Ram,

    Would it be possible for you to change the schedule from continuous to periodic, cancel any outstanding upload attempts and then force an upload whilst it is set to periodic? Also, please can you provide the SGOS version running?

    Regards
    Paul