Hi everyone,
I've configured the VMware Syslog Service for both my VCSA and PSC appliances (6.0 U2) to point to our internal ArcSight logger.
There is one firewall between my appliances and the logger, which is set to allow UDP connections only.
I've configured the VMware Syslog Service on both appliances to point to the logger IP using UDP on port 514:
But both services are coming back as Syslog endpoint [ArcSight IP]:514 not reachable:
Obviously, vCenter is showing critical health alerts for these services.
During some investigation with our ArcSight expert, he concluded that logs are being sent via UDP to the logger with no issues.
He believes that the initial connection (or syslog endpoint reachable check) is actually being sent by TCP, hence it coming back as not reachable.
Does anyone else have this issue or can confirm/deny that last sentence about the TCP connection?
TIA
Andy