Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Using syslog UDP connection errors

We recently implemented a syslog UDP delivery of several of our ESA logs to our security group for evaulation.  We are consistently getting this error message regarding these deliveries.  UDP should be basically be a blind connection - why would the IronPort reporting these errors?  Cisoc C670 ver 7.5.1-102 O/S

If this is expected behavior then what other options would you recommend?

Log Error: Subscription ISIS_MX_Mail_Logs: Network error while sending log data to syslog server 162.131.217.11 (162.131.217.11): [Errno 61] Connection refused

1 REPLY
New Member

Using syslog UDP connection errors

I have the same issue.  However, it's only a few alerts per day, and it does seem like the syslog messages are being recieved by the SIEM.  I'd also be interested in knowing what's behind the "connection refused" alerts. 

874
Views
0
Helpful
1
Replies
CreatePlease to create content