How do I troubleshoot if the syslogs are not arriving at the syslog folder in GMS?

Description

In some installations we have observed that syslogs are leaving the firewall (visible in a packet capture) but never arrive in the /GMSVP/syslog directory on a Windows installation.

Resolution

1. Disk Space:

Make sure more than 10% of the disk space on the installation drive is free. GMS always requires 10% of total disk space to maintain system integrity.

2. Make sure the default UDP port is open and listening:

We can use the netstat -an command to see if the port is open.

- Open the command line

- Type: netstat -an (for example, C:\Users\epatwary>netstat -an)

 UDP    0.0.0.0:500            *:*
 UDP    0.0.0.0:514            *:*
 UDP    0.0.0.0:4500           *:*
 UDP    0.0.0.0:5355           *:*

Make sure the default UDP port 514 appears in this list, i.e. it is in listening mode.

- We can also use 'TCPView' to watch incoming syslogs in real time. It shows the bytes sent and received per connection, including the port.
Download link: https://technet.microsoft.com/en-us/sysinternals/tcpview.aspx

3. Open the syslog port if it is not already open:

If the port is not open, we need to open it manually in Windows Firewall with Advanced Security:
- Windows start menu > Windows Firewall with Advanced Security

- Inbound Rules > New Rule > Select the Port radio button > Next
- UDP > Specific local ports: 514 (default) > Next
- Allow the connection > Next
- Apply to Domain, Private and Public > Next
- Give it a name (e.g. GMS_port)
- Finish


4. Use Wireshark:

We can also install 'Wireshark' to confirm that the syslogs are arriving at the installation server. Use the display filter udp.port==514; this shows only the syslog traffic received on port 514.

5. Check the syslog port configured in the sgmsConfig.xml file during installation:

- Sometimes during installation the customer chooses a port other than the default syslog port 514. If the port is different from 514, steps 2, 3 and 4 must be repeated with that port.

- To verify the port, open the sgmsConfig.xml file (in the /GMSVP/conf directory).

- Check the following parameter:
  value="514"/>

If the port is different from 514, repeat all of the above steps, including the firewall rule, with the correct port.

6. Restart the syslog collector service if needed.
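The checks from steps 1, 2, 3 and 5 collected into one PowerShell script. This is an added example, not part of the original article or of GMS itself; it assumes the install root C:\GMSVP, a syslog port of 514 unless overridden with -SyslogPort, and the built-in NetTCPIP and NetSecurity cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added diagnostic for the checks in this article (not SonicWall's code).
# Assumptions: GMS is installed under C:\GMSVP and the syslog port is 514
# unless overridden; compare -SyslogPort with the value in sgmsConfig.xml.
param(
    [int]$SyslogPort = 514,
    [string]$GmsRoot = 'C:\GMSVP'
)

# Step 1: GMS needs more than 10% of the install volume free.
$drive = (Get-Item $GmsRoot).PSDrive.Name + ':'
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
$freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
if ($freePct -lt 10) {
    Write-Warning "Only $freePct% free on $drive; GMS requires more than 10%."
} else {
    Write-Output "Disk OK: $freePct% free on $drive"
}

# Step 2: is any process bound to UDP $SyslogPort (IPv4 and/or IPv6)?
$endpoints = Get-NetUDPEndpoint -LocalPort $SyslogPort -ErrorAction SilentlyContinue
if ($endpoints) {
    foreach ($e in $endpoints) {
        $proc = Get-Process -Id $e.OwningProcess -ErrorAction SilentlyContinue
        Write-Output "UDP $($e.LocalAddress):$SyslogPort bound by PID $($e.OwningProcess) ($($proc.ProcessName))"
    }
} else {
    Write-Warning "Nothing is listening on UDP $SyslogPort; check the syslog collector service (step 6)."
}

# Step 3: is there an enabled inbound Allow rule covering UDP $SyslogPort?
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'UDP' -and
            ($pf.LocalPort -eq 'Any' -or $pf.LocalPort -contains "$SyslogPort")
    }
if ($rules) {
    Write-Output "Firewall rule(s) allowing UDP ${SyslogPort}: $($rules.DisplayName -join ', ')"
} else {
    Write-Warning "No inbound Allow rule for UDP $SyslogPort; add one as in step 3."
}

# Step 5: show the syslog-related lines of sgmsConfig.xml so the configured
# port can be compared with -SyslogPort (the exact parameter name is not assumed).
$cfg = Join-Path $GmsRoot 'conf\sgmsConfig.xml'
if (Test-Path $cfg) {
    Select-String -Path $cfg -Pattern 'syslog' -SimpleMatch | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Warning "Config file not found: $cfg"
}
```

Run it from an elevated PowerShell prompt, since reading firewall rules and the owning process of a UDP endpoint requires administrator rights.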
