Hello,
I try to use Syslog server but i have a small problem to configure it.
I have two computers : 192.168.1.93 (where log forwarder installed) and 192.168.1.100 (where syslog server is installed). the port 514 is open.
When I tried with the test button (or klog), the message is not receive on my syslog server the first time... I must ping the computer before and after try again the test and it's ok... do you know why ? like if it's closed the session... that's means when i have event log on my 192.168.1.93 i never receive log in my server...
Example :
Klog from my 192.168.1.93 to syslog server, we can see on wireshark that nothing transit :
Klog from my 192.168.1.93 to syslog server after a ping, we can see on wireshark that my syslog test message works... :
If i setup log forwarder in the same computer as the syslog server (localhost) => it's work.
I tried also with another computer and it's the same problem...
Have you an idea :(