Applies To
RSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Log Collector, Log Decoder
RSA Version/Condition: 10.x, 11.x
O/S Version: EL6, EL7

Issue
For troubleshooting purposes, it is sometimes useful to check whether the (local) Log Collector is forwarding traffic to the Log Decoder.
In this scenario, the Log Collector is on the same box as the Log Decoder.
Since the TCP Collector module inside the Log Collector forwards unstructured events to the Log Decoder on port 514 over TCP on the loopback address, you can perform a tcpdump to capture the traffic using the following command:

Legacy Article ID
a65438
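
An added example, not the article's own command: a shell sketch of the loopback check described under Issue, which counts only segments that carry payload to TCP port 514, so an idle connection is not mistaken for forwarding. The interface name `lo`, the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm local Log Collector -> Log Decoder forwarding on loopback.
# Assumptions: loopback interface is "lo"; tcpdump and coreutils `timeout` are installed.

# Count packets in tcpdump text output (stdin) that carry payload to TCP port 514.
# Handshake and pure-ACK segments report "length 0" and are ignored, so a non-zero
# result means event data was sent, not merely that a connection exists.
count_forwarded() {
    awk '$5 ~ /\.514:$/ {
        len = 0
        for (i = 6; i < NF; i++) if ($i == "length") len = $(i + 1) + 0
        if (len > 0) n++
    }
    END { print n + 0 }'
}

# Capture on loopback for up to $1 seconds (default 30) and print the count. Needs root.
# -nn keeps ports numeric: tcpdump would otherwise print 514/tcp as "shell".
live_check() {
    timeout "${1:-30}" tcpdump -i lo -nn -l 'tcp dst port 514' 2>/dev/null | count_forwarded
}

# Constructed sample of `tcpdump -nn` output (not captured from a real system).
sample_capture() {
    cat <<'EOF'
12:00:01.000101 IP 127.0.0.1.45678 > 127.0.0.1.514: Flags [S], seq 100, win 43690, length 0
12:00:01.000120 IP 127.0.0.1.514 > 127.0.0.1.45678: Flags [S.], seq 200, ack 101, win 43690, length 0
12:00:01.000130 IP 127.0.0.1.45678 > 127.0.0.1.514: Flags [.], ack 1, win 342, length 0
12:00:01.000500 IP 127.0.0.1.45678 > 127.0.0.1.514: Flags [P.], seq 1:121, ack 1, win 342, length 120
12:00:01.000510 IP 127.0.0.1.514 > 127.0.0.1.45678: Flags [.], ack 121, win 342, length 0
12:00:02.000500 IP 127.0.0.1.45678 > 127.0.0.1.514: Flags [P.], seq 121:201, ack 1, win 342, length 80
EOF
}

# Live mode: sh check.sh --live [seconds]
if [ "${1:-}" = "--live" ]; then
    n=$(live_check "${2:-30}")
    if [ "$n" -gt 0 ]; then
        echo "forwarding seen: $n payload segments to port 514"
    else
        echo "no payload to port 514 during the capture window"
    fi
fi
```

A zero count during a window in which the Log Collector is known to be receiving events points at the collector-to-decoder hop rather than at the event sources.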