cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jfcorreas
New Contributor II

BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

In our organization we have a BSC-600 and I can not send Connection Tracking to a syslog server.

I have prepared and tested a splunk syslog server.

Using netcat, I have sent messages from another server (not the splunk server).


Using for example: 'nc-w0-u XXX.XXX.XXX.XXX <<< 514 "<190> msg Info local7 from remote" ', splunk successfully receives the message.
But splunk does not receive any message from BSC-600.


I configured Connection Tracking as I show in the attached image. I have restarted all services and even reboot the BSC.
The firmware version of the BSC is V6.2.0.22.

Have I forgotten any configuration step? How can I verify that BSC is sending Connection Tracking?

Thank you.

0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

Before opening a support case try moving the radio button next to "User Tracking" over to info. If that doesn't do it, proceed to open a support case. Here are the contacts for support services:

http://www.adtran.com/web/page/portal/Adtran/wp_postsales_contact

View solution in original post

0 Kudos
7 Replies
Anonymous
Not applicable

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

I would first recommend you upgrade to the latest software/patches as of the time of this writing (6.5.1.03 and Bluepatch Version 1). 6.2.0.22 is several years and at least 3 or 4 revisions old. Also be aware that connection tracking keeps track of every single session through the firewall and can be cpu intensive. It comes with a warning:

Warning: Connection tracking sends a record of all network connections to syslog which can result in a large number of log messages and impact BSC performance. Only use if all network connection information needs to be logged for auditing purposes.


You could verify if the BSC is sending by running a traffic capture filtered by the protected network interface (status>diagnostics>traffic capture). He can open the traffic capture file using wireshark (wireshark.org).

jfcorreas
New Contributor II

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

Hi Kenneth,

I've updated BSC to the version and patch you recommended, but it still doesn't send any connection tracking.

I captured the traffic in the protected network interface and I saw that no packet is sent to the syslog server.

Is there another setting that I need to change to get connection tracking works?

Anonymous
Not applicable

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

You should just have to check the check box that says Enable Connection Tracking and populate the IP address of the syslog server to send connection tracking messages to under General Logging. By default the system should send connection tracking messages ever 30 seconds (configurable also under logging) assuming there are clients passing traffic through the BSC's firewall. I have verified this works with the latest software release. If you cannot get it to work, please go ahead and open a support case.

jfcorreas
New Contributor II

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

Solved.

The reason for not coming messages to the syslog server was an access list defined in our network routers. I added a line to allow the traffic (between BSC and syslog server) of UDP packets on port 514 and syslog server has started receiving messages.
Moreover, the reason I didn't see messages sent to the syslog server in the captured traffic is because i wasn't selecting the right protected interface.
I am very grateful for your help. Thank you.

jfcorreas
New Contributor II

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

Finally, I was wrong.

Although BSC successfully sends messages to syslog server, only sends application logs.
I've tried different configurations and I've captured traffic of all network interfaces, but BSC doesn't send any
connection tracking message.


These are my logging settings:

BSC-600-logging-config.png

How I can open a support case?

Anonymous
Not applicable

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

Before opening a support case try moving the radio button next to "User Tracking" over to info. If that doesn't do it, proceed to open a support case. Here are the contacts for support services:

http://www.adtran.com/web/page/portal/Adtran/wp_postsales_contact

0 Kudos
jfcorreas
New Contributor II

Re: BSC-600 can not send Connection Tracking to a syslog server

Jump to solution

That was the problem! Moving the radio button next to "User Tracking" over to info, my syslog server started receiving connection tracking messages.

I had it in front of my nose but I didn't see it.
Thank you very much for the help.