NC-Z connection from vCenter to syslog server will fail if "TCP port is blocked"


Article ID: 430496

Updated On:

Products

VMware NSX for vSphere

Issue/Introduction

  • Validate the connectivity from vCenter to the syslog server.
  • Testing netcat connectivity from vCenter to the syslog server with "nc -zv <IP> 514" fails with the error "Connection refused", but the command "nc -zuv <IP> 514" succeeds.

  • A packet capture showed that the packet was leaving the vCenter VM and that a reply was coming back from the syslog server. The capture was then written to a file and opened in Wireshark, where the output was as follows:

  • In the packet capture, the reply coming back from the syslog server was an RST packet and not a SYN-ACK packet, which indicates that port 514 is blocked for TCP traffic.

 

  • Capturing packets on the same port over UDP confirmed that the logs sent from the vCenter VM were reaching the syslog server.

  • The captures below, taken on the syslog server, show the traffic reaching the syslog server.

 



Environment

VMware vCenter Server

Cause

The syslog server is not listening on port 514 for TCP; it is listening on that port only for UDP.
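The RST versus SYN-ACK distinction described above can be checked from the vCenter shell without a packet capture. The following is an added example, not part of the original article or any VMware tooling; the function name `classify_tcp_port` and the result labels are assumptions made for illustration. It covers TCP only, because UDP is connectionless and a successful `nc -zuv` does not by itself prove that a listener exists.

```python
import errno
import socket
import sys

# Hypothetical result labels mapped to what was seen on the wire.
EXPLANATION = {
    "open": "SYN-ACK received: a service is listening on this TCP port.",
    "refused": "RST received: the host answered, but nothing is listening "
               "on this TCP port or a device is rejecting it.",
    "timeout": "No reply: the SYN or its answer is being dropped on the path.",
    "unreachable": "No route to the host or network.",
}


def classify_tcp_port(host, port=514, timeout=3.0):
    """Attempt a TCP handshake and report how the remote end answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Same condition nc -zv reports as "Connection refused".
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_syslog_tcp.py <syslog-server-ip> [port]")
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    result = classify_tcp_port(target, target_port)
    print(f"{target}:{target_port}/tcp -> {result}: {EXPLANATION[result]}")
    # Non-zero exit code lets the check be used in scripts.
    sys.exit(0 if result == "open" else 1)
```

A result of "refused" matches the RST seen in the capture, while "timeout" points to silent dropping somewhere between vCenter and the syslog server.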

Resolution

- The recommendation is to open port 514 for TCP traffic on the syslog server and then check the connectivity.

- Refer to this KB article to isolate an issue where the vCenter Server VAMI shows the connection status as "Unknown" for the UDP protocol: https://knowledge.broadcom.com/external/article/424878