Before starting this document please review this document for general information about how the Syslog Director works. This troubleshooting document assumes that you understand the basic functionality of the Syslog Director.
If you have reviewed the configuration document and you are confident the settings are correct but you are still not getting the expected behavior please see the steps below.
If your logs indicate an error: "No valid sensors in Working group" please read this article.
Check Your Syslog Director version. If you are not using Syslog Director 4.3, please update it.
The Redirect check box does not stay checked in the Syslog Director configuration Director Settings
For information on how to resolve this issue, read the Knowledge Base article: The Redirect check box does not stay checked in the Syslog Director configuration Director Settings
If you do not have a Generic Syslog Event Collector configured, please refer again to the Syslog Director overview document which states that you should always setup the Generic Syslog Event collector whenever you use the Syslog Director. Configure the Generic Syslog event Collector using the steps in this document.
If you find the Redirect is unchecked, check it, save and distribute.
Your screen should show the traffic arriving to the SSIM.
Can you identify traffic from the Source device?
The Syslog director is not processing properly. Make sure you have reviewed the general Syslog Director Configuration document.
If you cannot identify the traffic from the source device using tcpdump, the traffic from that device is not making it to the SSIM.