Cisco Support Community
New Member

UDP Port 514 active

I have a CIDS Model 4230 version 3.0(5)S17. When I run netstat, UDP port 514 is active. If I run NRSTOP, this port closes and reopens with NRSTART. Does the application need this port open and why?

1 REPLY
Cisco Employee

Re: UDP Port 514 active

UDP port 514 is opened by packetd.

Why?

UDP port 514 is the standard syslog port.

You can set up Cisco Routers to forward their syslog messages to the sensor on this port.

Packetd can analyze these syslog messages and fire alarms when specific ACL entries are denying traffic.

Refer to:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/tasks.htm#xtocid2881315

Because the Cisco Router will always send to UDP port 514, we had to make packetd open up this port whenever it starts.

We also had to change the standard syslog utility on the sensor to run on UDP port 515 so it wouldn't interfere with packetd.
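
The kind of analysis the reply describes (alarming when router syslog reports ACL denies), as an added example that is not part of the original thread and is not packetd's code. It assumes the Cisco IOS `%SEC-6-IPACCESSLOGP` message layout; the function names, router address, ACL numbers and sample datagrams are constructed for illustration.

```python
import re
from collections import Counter

# Assumed message layout: Cisco IOS "%SEC-6-IPACCESSLOGP" ACL log lines.
ACL_LOG = re.compile(
    r"^(?:<\d{1,3}>)?.*?%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) "
    r"(?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def parse_acl_log(payload: bytes):
    """Return the fields of an ACL log message, or None for any other syslog line."""
    m = ACL_LOG.match(payload.decode("ascii", errors="replace").strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    return rec

def deny_alarms(datagrams, routers, watched_acls, threshold=1):
    """Sum denied packets per (router, acl, src); return entries >= threshold.

    datagrams: iterable of (sender_ip, payload). Senders not in `routers` are
    skipped; UDP syslog carries no authentication, so this is a filter on the
    claimed source address, not proof of origin.
    """
    hits = Counter()
    for sender, payload in datagrams:
        if sender not in routers:
            continue
        rec = parse_acl_log(payload)
        if rec and rec["action"] == "denied" and rec["acl"] in watched_acls:
            hits[(sender, rec["acl"], rec["src"])] += rec["count"]
    return {k: n for k, n in hits.items() if n >= threshold}

# Constructed sample datagrams (documentation addresses), not captured traffic.
R = "203.0.113.1"
SAMPLES = [
    (R, b"<190>45: *Mar  1 00:05:12: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1025) -> 198.51.100.5(23), 1 packet"),
    (R, b"<190>46: *Mar  1 00:05:40: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1026) -> 198.51.100.5(23), 4 packets"),
    (R, b"<190>47: *Mar  1 00:06:01: %SEC-6-IPACCESSLOGP: list 102 denied udp 192.0.2.77(53) -> 198.51.100.9(53), 1 packet"),
    (R, b"<190>48: *Mar  1 00:06:02: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.20(4000) -> 198.51.100.5(80), 1 packet"),
    (R, b"<189>49: *Mar  1 00:06:30: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down"),
    ("203.0.113.99", b"<190>1: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(9) -> 198.51.100.5(23), 50 packets"),
]

if __name__ == "__main__":
    for (rtr, acl, src), n in deny_alarms(SAMPLES, {R}, {"101"}, threshold=3).items():
        print(f"ALARM router={rtr} acl={acl} src={src} denied_packets={n}")
```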
