I have a setup using NXlog instances as collectors in a large number of security zones.

<Input in0>
    Module   im_tcp
    Host      XXX.XXX.XXX.XXX

but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.

tcpdump -nvvA host [Fortinet unit IP]

shows log traffic coming in on the NIC from the given IP address.

What am I missing?

Asked June 22, 2021 - 12:28pm
