Syslog Service Rejecting packets Error Decoding Packet Packet Missing Starting '

GoldTipu

Issue: Syslog Service Rejecting packets Error Decoding Packet Packet Missing Starting '<'

In the syslog tab, i'm no getting any syslog messages. if i go to the event viewer i got this message (warning):

SWSyslogService.SyslogPacket.DecodePacket - Packet Missing Starting

- Error Decoding Packet

Error Detail-System.FormatException: Invalid character in a Base-64 string.

at System.Convert.FromBase64String(String s)

at SyslogService.SyslogPacket.DecodePacket()

and this:

SWSyslogService.SyslogPacket.DecodePacket - Packet Missing Starting

- Error Decoding Packet Packet Missing Starting '<'

source: syslog service

eventID: 1025 &1026

Troubleshooting :-

Capture the Traffic using below post for the effected host.

How to Verify Orion / Kiwi Syslog receiving (NetFlow port 2055) / (Traps port 162 ) / ( Syslog port 514 ) Traffic on …

Looking at the packet capture from effected host , Comparing that packet capture to tests that I ran on my lab server, the Syslog messages are not coming across with a severity or facility.

screen-shots of the packet capture from effected node , notice the (Unknown) part on the Syslog message in your packet capture and then looking at my test capture that is were the facility and severity should be.

Missing Security Facility

No Security PNG.PNG

Resolution:

Open up Database Manager application on the Orion server.
Add Default Server.
Right click on database and select 'New Query'.
Enter the following query:
UPDATE [dbo].[Settings] SET [CurrentValue] = 1 WHERE [SettingID] = 'SysLog-EnableRfcRelay'
See if messages now appear correctly in Syslog viewer.

Find more posts tagged with

syslog

npm

Accepted answers

All comments

There are no accepted answers yet