Cisco IronPort Event Collector at SSIM 4.8
I don't get any event from my Cisco C160 (Async 7.6.0-444). Cisco Event Collector v4.3 install at SSIM Applaince. Sensor listen port UDP 10514.
Collector log han't error.
But Ironport Events doesn't collect in system. In default, Cisco Ironport send event to syslog port 514, but Cisco Event Collector v4.3 don't support syslog.
I tried redirect event from Cisco host to port 10514, but it didn't get result.
I used iptables for redirect:
iptables -t nat -A PREROUTING -s 10.2.a.b/32 -p UDP -m multiport --dport 514 -j REDIRECT --to-port 10514
What did I do incorrect?