I have issue for opmanager 10 to receive syslog from fortigate 300c. I already do a wireshark on the opmanager server and i can see the syslog information coming in.
But when i do a live syslog viewer, I don see any information coming out, anyone have the same issue. ?
[root@vas-opmanager ~]# tcpdump -v -s0 udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:48:23.818481 IP (tos 0x0, ttl 63, id 65410, offset 0, flags [none], proto UDP (17), length 451)
192.168.251.3.1028 > vas-opmanager.syslog: SYSLOG, length: 423
Facility local7 (23), Severity warning (4)
Msg: date=2014-02-14 time=09:48:23 devname=TL-IN-FW2 device_id=FG300C3912601445 log_id=0038000006 type=traffic subtype=other pri=warning vd=root src=172.15.17.9 src_port=0 src_int="root" dst=192.168.251.3 dst_port=778 dst_int="to-tl-dsw-1" SN=161964157 status=deny policyid=0 dst_country="Reserved" src_country="United States" service=3/10/icmp proto=1 duration=14481182 sent=0 rcvd=0 msg="check fail on allow error, drop."
09:48:28.818982 IP (tos 0x0, ttl 63, id 65411, offset 0, flags [none], proto UDP (17), length 463)
192.168.251.3.1028 > vas-opmanager.syslog: SYSLOG, length: 435
Facility local7 (23), Severity notice (5)
Msg: date=2014-02-14 time=09:48:28 devname=TL-IN-FW2 device_id=FG300C3912601445 log_id=0038000005 type=traffic subtype=other pri=notice vd=root src=172.15.17.9 src_port=0 src_int="root" dst=192.168.251.3 dst_port=778 dst_int="to-tl-dsw-1" SN=161964157 status=accept policyid=0 dst_country="Reserved" src_country="United States" dir_disp=org tran_disp=noop service=3/10/icmp proto=1 duration=14481187 sent=0 rcvd=0 sent_pkt=3 rcvd_pkt=0