Strange IP addresses for EventLog Analyzer
Hello,
We are currently testing EventLog and Firewall Analyzer. FW is going very well and was easy to get to run. EventLog is giving me a lot of problems.
The server is running Red Hat Enterprise Linux, and FW and EventLog are co-hosted on the same machine - it's a very powerful system.
I cannot seem to receive any event log from the client systems. One is another Linux system, with syslog.conf and /etc/services configured as per the documentation. The other is a Windows system running Snare, a tool that converts Windows Event Messages into syslog messages. It too is configured to send syslogs to the server at its IP address and port 513.
Yet, nothing is showing up in the EventLog Analyzer system.
During troubleshooting, what is confusing me is that the server diagnostics says that the host address is 127.0.0.1, instead of the actual server IP address. In addition, when I look into Server Details, there it says the server IP is 127.215.6.8, listening on port 513. That is a VERY strange IP address! This is a fresh install and I have not changed any of the configuration files.
Could this be part of the problem? But how, why and where would it be getting this information all wrong? As said above, FW Analyzer on the same system has none of these problems; it is able to pick up all IP addresses just fine. Needless to say, the server has correct IP addresses, and is reachable from other systems just fine. I can also remote access the web interface.
Any ideas?
Thanks!
Mike