UDP Port 600 from nicsftpagent ??
I'm trying to set up a NICSFTPAgent on a box to send IIS logs to Envision. The box is behind a firewall. All the tests seemed to go OK as per the install instructions. I noticed that I am seeing traffic on UDP/600 trying to go from the server (nicsftpagent??) to Envision. Anyone know what this is? I thought I should only see SFTP or SSH traffic and not anything else.
This is correct.
The NIC SFTP agent logs its own activity and sends these logs to enVision on UDP port 600, which ties in directly to the NIC Logger Service.
The NIC Logger Service is used by enVision to collect all enVision-related system activities.
Thanks for the clarification. During the SFTP setup, part of it uses psftp.exe with the private key to test the connections out to Envision. This, of course, passed OK because it was using the standard SFTP ports. I don't think there is any mention in any of the documentation that the agent actually uses 600 instead. I guess I'll need to make a firewall mod.
It sounds like you will want both TCP 22 and UDP 600 open from the device to Envision. As nie-jedi said, UDP 600 is for messages from the nicsftpagent itself, while TCP 22 is used for the SFTP transfer of your IIS logs to Envision.
(P.S. Good catch! Always glad to see a firewall between the webserver and the inside, especially one that is logging!)
This is correct - the logs transmitted over UDP 600 are what can be used to troubleshoot the actual SFTP connection if you are having problems.
To see these logs within enVision:
1) go to the enVision Event Viewer
2) set the device type to NIC System
3) set a filter to look for sftp (no case matching)