This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-04-03 02:20 PM

UDP Port 600 from nicsftpagent ??

I'm trying to setup a NICSFTPAgent on a box to send IIS logs to envision.  The box is behind a Firewall.  All the the tests seemd to go ok as per the install instructions.  Noticed that I am seeing traffic on UDP/600 trying to go from the server (nicsftpagent??) to Envision.  Anyone know what this is?  I thought I should only see SFTP or SSH traffic and not anything else.

Thanks,

Tony

0 Likes
Reply
9 Replies
RSAAdmin
Beginner
Beginner
‎2008-04-03 04:24 PM

My understanding of this activity is that nicsftpagent sends it's logs to enVision via UDP/600. This is why nicsftpagent runs essentially silently (no log dir, no errors, etc).
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-04-03 11:36 PM

This is correct.

 

The NIC SFTP agent logs its own activity and sends these logs to enVision UDP Port 600 which ties in directly to the NIC Logger Service.

 

The NIC Logger Service is used by enVision to collect all enVision-related system activities.

 

Mark Nadir 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-04-04 08:42 AM

Thanks for the clarification. During the SFTP setup, part of it uses the psftp.exe with the private key to test the connections out to the Envision.  This of course, passed ok because it was using the standard sftp ports.  I don't think there is any mention in any of the documentation that the agent actually uses 600 instead. I guess I'll need to make a Firewall mod.

Thanks, Tony

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-04-05 04:11 PM

It sounds like you will want both tcp 22 and udp 600 open from the device to Envision. Asnie-jedisaid, udp 600 is for messages from the nicsftpagent itself while tcp 22 is used for the SFTP transfer of your IIS logs to envision.

 

(ps. good catch! always glad to see a firewall between the webserver and the inside, especialy one that is logging!)

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-11 12:39 PM

This is correct - the logs transmitted over UDP 600 are what can be used to troubleshoot the actual SFTP connection if you are having problems.

 

To see these logs within enVision:

1) go to the enVision Event Viewer

2) set the device type to NIC System

3) set a filter to look for sftp (no case matching)

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-02-16 03:32 PM

Do we need to open port biderctional ?

0 Likes
Reply
ScottPause
Beginner
Beginner
In response to RSAAdmin
‎2011-02-22 10:10 AM

no, just from the agent to enVision DSRV (in an LS config) . Matt - please confirm its the DSRV.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to ScottPause
‎2011-02-23 11:09 AM

Yes, in an LS environment the only places you will find the NIC Logger service are on D-SRVs and RCs.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-03-16 11:28 AM

Thanks Matt

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.