Syslog port issue using TCP

Article ID: 397928

Updated On: 05-16-2025

Products

Data Loss Prevention Core Package, Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

After the syslog protocol was changed from UDP to TCP, it worked for about five weeks.
Then it stopped working; nothing was being received by the syslog server.
Reverting to UDP enabled the logs to be delivered to the syslog server.

Environment

Enforce server > Palo Alto firewall > Splunk syslog server

Cause

TCP on port 514, the default syslog port, was blocked on the Palo Alto firewall for some sources, including the Enforce server.

Resolution

Removed the firewall rule blocking TCP on port 514 coming from the Enforce server.
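
To confirm whether TCP 514 is reachable from the Enforce server before or after a firewall change, a small probe can attempt the connection and send one test line. This is an added example, not part of the original article or the product; it assumes Python 3 is available on the sending host, and the hostname, tag and target name in it are placeholders.

```python
import socket
import sys
from datetime import datetime

def build_test_message(hostname="enforce-test", tag="dlp-probe",
                       text="TCP syslog connectivity test", now=None):
    """Build one RFC 3164-style line; hostname, tag and text are made-up samples."""
    now = now or datetime.now()
    pri = 1 * 8 + 5  # facility user (1), severity notice (5)
    stamp = f"{now.strftime('%b')} {now.day:2d} {now.strftime('%H:%M:%S')}"
    # Newline-terminated framing, the common convention for syslog over TCP.
    return f"<{pri}>{stamp} {hostname} {tag}: {text}\n".encode("ascii")

def probe_syslog_tcp(host, port=514, timeout=5.0):
    """Try a TCP connection to the syslog listener and send one test line.

    Returns:
      'sent'     - handshake completed and the test line was written
      'filtered' - no answer before the timeout (typical of a silent drop)
      'refused'  - connection reset (no listener, or a device that sends RST)
      'error: …' - anything else, e.g. name resolution or routing failure
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"error: {exc}"
    with sock:
        sock.sendall(build_test_message())
    return "sent"

if __name__ == "__main__":
    # Usage: python probe_syslog_tcp.py <syslog-server> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "syslog.example.internal"  # placeholder
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    print(f"{target}:{port} -> {probe_syslog_tcp(target, port)}")
```

A result of `sent` only shows that the path and listener accept TCP connections; confirm the test line in the syslog server's index as well.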