In order for live syslog data to be imported, ensure:
- ContentKeeper is active:
Clients on your network are actively browsing the web and being filtered by the ContentKeeper device.
- Syslog server is the Fastvue IP:
You have specified the Fastvue Reporter server as a syslog server in the ContentKeeper's Syslog Configuration (Double check the IP address used).
- Fastvue Source IP are correct:
You have added the ContentKeeper device as a Source in Fastvue Reporter (Settings | Sources) using the correct name or IP address. Ensure the IP address is the interface that the Fastvue Server is actually connected to (e.g. If the Fastvue server is in your internal network, specify the ContentKeeper's internal interface).
- Fastvue Source Syslog port is correct:
The syslog port specified in Settings | Sources is 514, unless otherwise specified in the ContentKeeper's syslog settings.
- No routing issues between ContentKeeper and the Fastvue Server:
The Fastvue Server and the ContentKeeper source are in the same subnet, or there is a router between the subnets configured to allow syslog traffic through. If there is a router between the two servers, careful attention needs to be paid to how that router handles the traffic, whether there's a NAT involved, whether that router is the default gateway for both machines etc.
- No firewall issues
There is nothing blocking port 514 (or the specified syslog port) on the Fastvue Reporter machine (such as Windows Firewall), or in between the Fastvue Reporter machine and the ContentKeeper device. See our article on Opening the Syslog Port in Windows Firewall for more information.
- No port conflict:
There is no port conflict on port 514 with another application or service on the Fastvue Reporter machine (see below).
Troubleshooting Port Conflicts
To find out whether there is a port conflict on the Fastvue Reporter machine for port 514, open a command prompt and enter:
netstat -ano | find "514"This will list all the processes on the machine using port 514 (it may also include other processes that have a substring of 514). Note the Process ID, and then open Task Manager and go to the Services tab. You should be able to identify the other process by looking for the matching Process ID (PID).
If there is another process listening on port 514, the easiest solution is to specify an alternative port, such as 49514, both in the ContentKeeper syslog settings (in the syslog server field, enter IP:Port - e.g. 10.1.1.1:49514) AND in the Fastvue Reporter source in Settings | Sources.
If all of the above checks out, you can enable full diagnostic logging to log all syslog messages received (regardless of whether they are processed by Fastvue Reporter) to the 'Dashboard.log' file (location shown in Settings | Diagnostic).
- Go to Settings | Diagnostic and increase the logging level to Full.
- Let the software run for five minutes, and then zip and upload the Dashboard.log file to http://www.fastvue.co/upload. The log should contain some diagnostic information to help us troubleshoot this for you.
- As this logging level will grow the Dashboard.log significantly over time, set the logging level back to Normal.