I am not seeing Syslog messages in EventSentry, even though the "EventSentry Network Services" service is configured and running

Article ID: 229
Category: Network Monitoring
Applies to: 2.92 and later
Updated: 2018-11-08

Please perform the following troubleshooting steps if incoming Syslog messages and/or SNMP traps are not showing up in the application event log and/or EventSentry database. Verify that:

  1. the Syslog and/or SNMP features are both configured to accept messages from all hosts, to rule out any configuration issues (navigate to "Network Services" in the management console)
  2. the Syslog and/or SNMP features are configured to write to a database action and/or the event log (navigate to "Network Services" in the management console)
  3. the "EventSentry Network Services" service is running
  4. you are either running an evaluation version of EventSentry, or have at least a 10-host network device license installed
  5. at least one informational event 112 is logged in the "Application" event log after you start the "EventSentry Network Services" service. EventSentry will log one 112 event for UDP, one 112 event for TCP and one 112 event for SNMP.
  6. no other applications or services are listening on the configured ports (514 for Syslog, 162 for SNMP)
  7. the Windows firewall is not blocking incoming Syslog and/or SNMP packets.
  8. Syslog messages and/or SNMP traps are actually being sent to the host where the "EventSentry Network Services" service is running. We recommend network capturing applications like IPMon+ / ipmon, Wireshark or Network Monitor.

Important Note: If you are seeing Syslog / SNMP traffic in your network monitoring application but not in EventSentry, then please verify that the firewall is configured correctly. Network capturing software operates at a low level, before firewall rules are applied to the traffic. As such, packets shown in the network capturing software may not be passed on to the OS if they are blocked by the Windows Firewall.
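
The following PowerShell script is an added example, not part of the original article or of EventSentry. It runs read-only checks for steps 3, 5, 6 and 7 using built-in Windows cmdlets. It assumes the default ports named above (UDP and TCP 514 for Syslog, UDP 162 for SNMP traps) and an elevated session on the host running the service; adjust the port list if you changed the ports under "Network Services".

```powershell
# Added example: read-only checks for steps 3, 5, 6 and 7 of this article.
$displayName = 'EventSentry Network Services'   # display name as given in this article
$ports = @(                                      # assumption: default ports are in use
    @{ Proto = 'UDP'; Port = 514; Use = 'Syslog' },
    @{ Proto = 'TCP'; Port = 514; Use = 'Syslog' },
    @{ Proto = 'UDP'; Port = 162; Use = 'SNMP traps' }
)

# Step 3: is the service running?
$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if ($svc) { "Service status: $($svc.Status)" } else { "Service '$displayName' not found" }

# Step 5: event 112 in the Application log during the last 24 hours.
# The filter is by event ID only; check ProviderName on each hit by eye.
$since  = (Get-Date).AddDays(-1)
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 112; StartTime = $since } -ErrorAction SilentlyContinue)
"Event 112 entries in the last 24h: $($events.Count)"
$events | Select-Object -First 5 TimeCreated, ProviderName, Message | Format-List

# Step 6: which process owns each listener on the configured ports?
foreach ($p in $ports) {
    if ($p.Proto -eq 'UDP') {
        $listeners = Get-NetUDPEndpoint -LocalPort $p.Port -ErrorAction SilentlyContinue
    } else {
        $listeners = Get-NetTCPConnection -LocalPort $p.Port -State Listen -ErrorAction SilentlyContinue
    }
    if (-not $listeners) { "{0}/{1} ({2}): nothing is listening" -f $p.Proto, $p.Port, $p.Use; continue }
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        "{0}/{1} ({2}): {3} owned by PID {4} ({5})" -f $p.Proto, $p.Port, $p.Use, $l.LocalAddress, $l.OwningProcess, $proc.ProcessName
    }
}

# Step 7: enabled inbound firewall rules that name these ports explicitly.
# Rules scoped by program or with LocalPort "Any" are not listed here.
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $rule   = $_
    $filter = $rule | Get-NetFirewallPortFilter
    foreach ($p in $ports) {
        if ($filter.Protocol -eq $p.Proto -and $filter.LocalPort -contains "$($p.Port)") {
            "{0} {1}/{2}: {3}" -f $rule.Action, $p.Proto, $p.Port, $rule.DisplayName
        }
    }
}
```

A listener owned by a process other than the EventSentry service points to step 6; a listener owned by the service with no matching Allow rule (or a matching Block rule) points to step 7 and the firewall note above.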