×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

UDP Port 514 active

Unanswered Question
Mar 8th, 2002
User Badges:

I have a CIDS Model 4230 version 3.0(5)S17. When I run netstat UDP port 514 is active. If I run NRSTOP this port closes and reopens with NRSTART. Does the application need this port open and why?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
marcabal Fri, 03/08/2002 - 08:00
User Badges:
  • Cisco Employee,

UPD port 514 is opened by packetd.


Why?

UDP port 514 is the standard syslog port.

You can setup Cisco Routers to forward their syslog messages to the sensor on this port.

Packetd can analyze these syslog messages and fire alarms when specific ACL entries are denying traffic.

Refer to:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/tasks.htm#xtocid2881315


Because the Cisco Router will always send to UDP port 514 we had to make packetd open up this port when ever it starts.

We also had to change the standard syslog utility on the sensor to run on UDP port 515 so it wouldn't interfer with packetd.


Actions

This Discussion