Syslog port issue using TCP
Article ID: 397928
Updated On: 05-16-2025
Products
Data Loss Prevention Core Package
Data Loss Prevention
Data Loss Prevention Enforce
Issue/Introduction
After changing the syslog protocol from UDP to TCP it worked for about five weeks.
Then it stopped working, nothing was being received by the syslog server.
Reverting to UDP enabled the logs to be delivered to the syslog server.
Environment
Enforce server > Palo Alto firewall > Splunk syslog server
Cause
TCP on port 514, the default syslog port, was blocked on the Palo Alto firewall for some sources, including the Enforce server.
Resolution
Removed the firewall rule blocking TCP on port 514 coming from the Enforce server.
Feedback
Yes
No
Powered by
