Server isn’t receiving logs from the Snare Agent
SUMMARY
Aug 18, 2015
Symptoms
The logs from the Snare Agent aren't seen in the Snare Server.
Recommended
Ensure your logs are sent to the Snare Server from the Snare agent. Check your settings on the Network Configuration page of the Snare Agent. The port must be 6161 for UDP/TCP and 6163 for TLS. [DO NOT enable Syslog Header for the Snare Server.] **If using SYSLOG as the destination server set UDP protocol with port 514.
Other items to check
On the Snare Agent, if the network configuration changed, was the change applied? Ensure to apply the latest configuration.
Ping the destination server to ensure it is up and communicating happily.
What protocol was used? Can test by changing to UDP (if applicable), to check if events appear. If the events do appear, then it means there are issues with your network (check firewall etc.).If firewall related on the client, you may be required to adjust the local firewall settings or your GPO (Group Policy Objects) to allow the agent to log data to the server on UDP/TCP port 6161.
Once network is resolved, then update configuration back to TCP/TLS/SSL where applicable.