We purchased the Nitro Logging Appliance and fell in love with some of its features. Right as we purchased it, McAfee came in and bought the company because it was a great product. While McAfee is all over the product now, it doesn't seem to be lacking in features or functionality. I have found quite a few things that don't really seem to be documented anywhere else, and I will start putting them into my blog. The first, in this post, is a set of common commands to run to find out what is going on with the appliance and to make sure that it is working.
Check that logs are coming in:
tcpdump -nnXi eth0 host <ip of host> and port <syslog port> -s0
tcpdump -nnXi eth0 src net <subnet>/24 and port <syslog port> -s0
Replace the angle-bracket placeholders with the sending host (or subnet) and the port your sources send syslog to. -nn keeps addresses and ports numeric, -s0 captures the full packet, and -X prints each packet as hex with the ASCII payload in the right-hand column (use -A for ASCII only). The dump is not comfortable reading, but you can make out the syslog text, and more importantly you can see that data is arriving at the interface at all.
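Watching the dump tells you that something is arriving, but not whether every source you expect is still sending. The following is an added example, not from the original post or from the appliance: it runs the per-packet summary lines that tcpdump prints (without -X) through awk, counts packets per source IP, and lists the expected hosts that sent nothing during the capture. The capture text and the expected-host list are constructed for illustration; on the appliance you would feed it `tcpdump -nn -i eth0 port <syslog port> -c 500` output instead.

```shell
#!/bin/sh
# Added example (not from the original post): compare the source hosts seen in
# tcpdump summary output against the hosts that are supposed to be sending syslog.

# Constructed sample of tcpdump -nn output (one summary line per packet).
# Real input comes from running tcpdump on the appliance, e.g.
#   tcpdump -nn -i eth0 port 514 -c 500 2>/dev/null
SAMPLE_CAPTURE='12:00:01.000001 IP 10.0.0.5.45231 > 10.0.0.100.514: UDP, length 120
12:00:01.200000 IP 10.0.0.7.51000 > 10.0.0.100.514: UDP, length 98
12:00:02.000000 IP 10.0.0.5.45231 > 10.0.0.100.514: UDP, length 133
12:00:02.500000 IP 10.0.0.9.60222 > 10.0.0.100.514: Flags [P.], seq 1:101, ack 1, win 512, length 100'

# Constructed list of hosts we expect to be forwarding logs.
EXPECTED_HOSTS='10.0.0.5 10.0.0.6 10.0.0.7 10.0.0.9'

# seen_hosts: read tcpdump summary lines on stdin and print "source-ip count",
# one line per source, sorted. Field 3 is "addr.port" for both UDP and TCP
# lines, so the trailing ".port" is stripped to get the host address.
seen_hosts() {
    awk '$2 == "IP" { sub(/\.[0-9]+$/, "", $3); count[$3]++ }
         END { for (h in count) print h, count[h] }' | sort
}

# silent_hosts CAPTURE EXPECTED: print each expected host that appears in no
# captured packet. An empty result means every expected source was seen.
silent_hosts() {
    capture=$1
    expected=$2
    seen=$(printf '%s\n' "$capture" | seen_hosts | awk '{ print $1 }')
    for h in $expected; do
        echo "$seen" | grep -qx "$h" || echo "$h"
    done
}

# Stand-alone usage against the constructed sample.
echo "Packets per source:"
printf '%s\n' "$SAMPLE_CAPTURE" | seen_hosts
echo "Expected hosts that sent nothing:"
silent_hosts "$SAMPLE_CAPTURE" "$EXPECTED_HOSTS"
```

A host that shows up here but is missing from the appliance's own event view points at parsing or data-source configuration rather than the network; a host that is silent here has a problem upstream of the appliance (the forwarder, a firewall, or the route), and tcpdump on the sending side is the next step.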
Stop and start the services (the service names are case sensitive):
I will continue to put up posts and log important stuff here as time goes on.