
Revision history

Unable to receive logs from a device to our SIEM Syslog server via TCP 514

I want to collect logs from a security device (McAfee Email Gateway) to our SIEM Syslog server. This security device can forward logs only via TCP syslog on any port (in our case it is 514). We are not getting logs from this security device, and when I ran Wireshark to capture traffic from the security device to our syslog server, I got RST-ACK from the security device.

The complete Wireshark capture is:

SYN --> from security device to syslog server

SYN-ACK --> from syslog server to security device

ACK --> from security device to syslog server

RST-ACK --> from security device to syslog server

What can be the issue? Is the three-way handshake complete? If not, then why? If yes, then why am I not able to see any log transfer?

Regards, Mitesh Agrawal
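The question turns on reading the captured flag sequence correctly. The script below is an added example, not part of the original post or of any McAfee or SIEM vendor tooling: it classifies a (source, destination, flags) sequence to answer whether the three-way handshake completed and which side sent the first RST, and it separately builds and sends one RFC 5424 test line over TCP so the collector side can be exercised without the device. The sample capture, host names (`device`, `siem`) and the collector hostname in the commented usage call are constructed assumptions.

```python
"""Added example, not part of the original question: read a captured TCP flag
sequence and decide whether the three-way handshake completed and which side
tore the connection down, then build/send a test syslog message over TCP so the
collector can be checked independently of the sending device.
Host names, ports and the sample capture below are constructed for illustration."""
import socket
from datetime import datetime, timezone

# Constructed sample mirroring the sequence in the question:
# (source, destination, TCP flags), in capture order.
SAMPLE_CAPTURE = [
    ("device", "siem", "SYN"),
    ("siem", "device", "SYN-ACK"),
    ("device", "siem", "ACK"),
    ("device", "siem", "RST-ACK"),
]


def analyze_handshake(packets, client, server):
    """Classify a (src, dst, flags) sequence for one TCP connection attempt.

    Returns a dict with: handshake_complete (bool), reset_by (source of the first
    RST, or None), data_before_reset (bool: a PSH segment preceded the RST),
    and a short verdict string.
    """
    steps = [(s, d, f.upper()) for s, d, f in packets]

    def first_index(src, dst, flag, start=0):
        for i in range(start, len(steps)):
            if steps[i] == (src, dst, flag):
                return i
        return None

    # The three steps must appear in order: SYN, then SYN-ACK, then ACK.
    i_syn = first_index(client, server, "SYN")
    i_synack = None if i_syn is None else first_index(server, client, "SYN-ACK", i_syn + 1)
    i_ack = None if i_synack is None else first_index(client, server, "ACK", i_synack + 1)
    complete = i_ack is not None

    reset_by = None
    data_before_reset = False
    for s, d, f in steps:
        if "RST" in f:
            reset_by = s
            break
        if "PSH" in f:  # payload-carrying segment; syslog data would travel here
            data_before_reset = True

    if not complete:
        verdict = "handshake incomplete"
        if i_syn is not None and i_synack is None:
            verdict += ": no SYN-ACK from the server (port closed, filtered, or listener down)"
    elif reset_by is None:
        verdict = "handshake complete, connection not reset in this capture"
    else:
        who = "client" if reset_by == client else "server"
        verdict = (f"handshake complete; {who} sent RST "
                   + ("after sending data" if data_before_reset else "before sending any data"))
    return {"handshake_complete": complete, "reset_by": reset_by,
            "data_before_reset": data_before_reset, "verdict": verdict}


def build_syslog_line(message, facility=1, severity=6, hostname="testhost", app="syslogtest"):
    """RFC 5424 message with newline (RFC 6587 non-transparent) framing, as bytes."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {message}\n".encode()


def send_test_syslog(host, port=514, message="test message from collector check", timeout=5):
    """Connect to the collector over TCP, send one test line, return bytes sent.
    host/port are assumptions for your environment; raises OSError if connect fails."""
    line = build_syslog_line(message)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(line)
    return len(line)


if __name__ == "__main__":
    print(analyze_handshake(SAMPLE_CAPTURE, "device", "siem")["verdict"])
    # print(send_test_syslog("siem.example.internal"))  # assumed collector host; uncomment to run
```

For the posted sequence the verdict is "handshake complete; client sent RST before sending any data": the collector answered with SYN-ACK, so its port 514 listener was reachable, and the connection was established before the device itself aborted it. If `send_test_syslog` against the collector succeeds and the line appears in the SIEM, the receiving side is confirmed and attention belongs on the device's TCP syslog settings and on anything in the path that could inject a reset.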
