Windows User-ID Agent Not Reflecting Mapping From Syslog Server

Windows User-ID Agent Not Reflecting Mapping From Syslog Server

2738
Created On 04/09/19 14:54 PM - Last Modified 04/19/19 16:31 PM


Symptom
Cisco ISE or any other syslog sender is sending syslogs to the User-ID Agent server. However, there is no mapping seen on the User-ID Agent. The Packet Capture on the server is clearly showing syslogs being received on the server on port UDP/514.

Syslog FilterĀ 

UaDebug shows following errors:
[Error 2397]: Socket bind error: listening port 5007 is already being used!
[Error 1494]: Failed to setup UDP listening socket for Syslog.
[Info 736]: User-ID Syslog service started.


Environment
User-ID Agent installed on Windows Server

Cause
Antivirus installed on Windows server is blocking the User-ID application.

Resolution
If the antivirus application has a firewall component, add the listening port or disable the firewall component.

If that fails, try to disable the antivirus application and reboot the Windows server.

Sometimes, disabling the antivirus does not help and you may need to uninstall it.


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000PLU5&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Attachments
Choose Language