Version 4


    Issue: Syslog Service Rejecting packets Error Decoding Packet Packet Missing Starting '<'

     

    In the Syslog tab, I'm not getting any syslog messages. If I go to the Event Viewer I get this message (warning):

    1. SWSyslogService.SyslogPacket.DecodePacket - Packet Missing Starting

    - Error Decoding Packet

    Error Detail-System.FormatException: Invalid character in a Base-64 string.

    at System.Convert.FromBase64String(String s)

    at SyslogService.SyslogPacket.DecodePacket()

     

    and this:

    1. SWSyslogService.SyslogPacket.DecodePacket - Packet Missing Starting

    - Error Decoding Packet Packet Missing Starting '<'

     

    source: syslog service

    eventID: 1025 & 1026

     

     

    Troubleshooting:

    Capture the traffic from the affected host using the post below.

    How to Verify Orion / Kiwi Syslog receiving  (NetFlow  port 2055) / (Traps port 162 ) / ( Syslog port  514 ) Traffic on …

     

     

    Looking at the packet capture from the affected host and comparing it to tests that I ran on my lab server, the Syslog messages are not coming across with a severity or facility.

    In the screenshots of the packet capture from the affected node, notice the (Unknown) part on the Syslog message in your packet capture; in my test capture, that is where the facility and severity should be.

     

     

    workingnode.PNG

     

    Missing Security Facility

    No Security PNG.PNG
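
The comparison above can also be scripted against payloads exported from the capture. This is an added example, not SolarWinds code: the function names, sample payloads and 192.0.2.x addresses are constructed, and it assumes the service's "Packet Missing Starting '<'" warning corresponds to a payload without the standard `<PRI>` header (PRI = facility * 8 + severity).

```python
import re

# RFC 3164 / RFC 5424: every syslog datagram begins with "<PRI>", 1-3 digits.
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def check_syslog_payload(payload: bytes) -> dict:
    """Classify one UDP payload taken from a packet capture."""
    if not payload.startswith(b"<"):
        # Assumed to be the case reported as "Packet Missing Starting '<'".
        return {"valid": False, "reason": "missing starting '<'"}
    m = PRI_RE.match(payload)
    if m is None:
        return {"valid": False, "reason": "malformed PRI"}
    pri = int(m.group(1))
    if pri > 191:  # highest facility (23) * 8 + highest severity (7)
        return {"valid": False, "reason": "PRI out of range"}
    facility, severity = divmod(pri, 8)
    return {"valid": True, "facility": facility,
            "severity": SEVERITIES[severity],
            "message": payload[m.end():].decode("utf-8", "replace")}


def headerless_sources(packets):
    """Return the sorted source addresses that sent at least one bad payload."""
    return sorted({src for src, data in packets
                   if not check_syslog_payload(data)["valid"]})


# Constructed sample data: (source address, UDP payload) pairs.
SAMPLE_PACKETS = [
    ("192.0.2.10", b"<189>Oct 11 22:14:15 rtr01 %LINK-5-CHANGED: Interface up"),
    ("192.0.2.20", b"Oct 11 22:14:15 fw01 link down"),  # no facility/severity
    ("192.0.2.30", b"<999>Oct 11 22:14:15 sw01 test"),  # PRI out of range
]

if __name__ == "__main__":
    for src, data in SAMPLE_PACKETS:
        print(src, check_syslog_payload(data))
    print("Devices to fix:", headerless_sources(SAMPLE_PACKETS))
```
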

     

     

    Or

     

    Resolution:

    1. Open up Database Manager application on the Orion server.
    2. Add Default Server.
    3. Right click on database and select 'New Query'.
    4. Enter the following query:
      UPDATE [dbo].[Settings] SET [CurrentValue] = 1 WHERE [SettingID] = 'SysLog-EnableRfcRelay'
    5. See if messages now appear correctly in Syslog viewer.