search cancel

Event Agents installed on Solaris cannot receive syslog events on port 514


Article ID: 156663


Updated On:


Security Information Manager


Event Agents with Syslog collectors installed on Solaris cannot receive events on port 514

ERROR 2012-06-07 15:23:23,664 Collectors.3403.wGroup.[workinggroup0].SensorThread Thread-19 [Sensor: Sensor 0] Could not create input UDP socket on port '514': Address already in use
INFO 2012-06-07 15:23:23,664 Collectors.3403.wGroup.[workinggroup0].SensorThread Thread-19 [Sensor: Sensor 0] >>> Close sensor thread...
INFO 2012-06-07 15:23:23,665 Collectors.3403.wGroup.[workinggroup0].Sensor.[Sensor_0] Thread-19 Trying to stop server: UDP Syslog server, port: 514...
INFO 2012-06-07 15:23:23,666 Collectors.3403.wGroup.[workinggroup0].Sensor.[Sensor_0] Thread-19 Server [UDP Syslog server, port: 514] successfully stopped


The SSIM Event Agent when installed on Solaris and has a syslog type collector installed cannot receive syslog events over port 514.  The Event Agent
cannot receive inbound syslog events because the operating system has locked up the port for Solaris syslog services.  

You will need to configure your syslog products to send to this Event Agent on a different port than 514 for example port 515.