Troubleshooting on Collector – SGBox Next Generation SIEM & SOAR (https://www.sgbox.eu)
Collector TCPDump, https://www.sgbox.eu/en/knowledge-base/collector-tcpdump/, Wed, 27 Jul 2022 13:12:16 +0000

Collector TCPDump

There are some tools you can use via the CLI to check whether there are problems receiving or visualising data.
Connect via SSH (using a program like PuTTY) to the collector, specifying the user sgbox.
If you haven't changed them through the wizard, the default credentials are:

user: sgbox
pass: sgbox

Choose Appliance statistics

Dump network traffic

This option allows you to run a tcpdump directly on SGBox to check whether the platform is correctly receiving logs from the data source, on the right port and protocol.
From here it is possible to choose among three different options:

  1. Filter by IP: simple filter on the data source IP, all ports and protocols
  2. Filter SGBox ports: simple filter on ports 514 and 443 from all data sources
  3. Expert: you can enter all the tcpdump parameters yourself.

In our example we choose Expert and filter on host 192.168.2.9.
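As an added example (not part of the SGBox article or product), the script below rebuilds the three menu choices as plain tcpdump filters and summarises a capture per source IP and destination port, so the "is the source sending to the right port?" check can be repeated from any shell. The interface `any`, the packet count and the sample tcpdump lines are assumptions.

```shell
#!/bin/sh
# Added example, not part of the SGBox knowledge-base article: the three menu
# choices rebuilt as plain tcpdump filters, plus a summary of a capture so the
# "is the source really sending to the right port?" question gets a yes/no.
# The interface "any", the packet count and the sample lines are assumptions.

# BPF filter for one of the three menu modes:
#   ip <addr>      all ports/protocols of one data source
#   ports          SGBox listening ports 514 and 443, any source
#   expert <expr>  passed through unchanged (the operator owns the syntax)
sgbox_filter() {
    mode=$1; shift
    case $mode in
        ip)     echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
                printf 'host %s\n' "$1" ;;
        ports)  printf 'port 514 or port 443\n' ;;
        expert) printf '%s\n' "$*" ;;
        *)      return 1 ;;
    esac
}

# Complete command line; -nn keeps raw IPs/ports (no DNS or service lookups).
sgbox_tcpdump_cmd() {
    filter=$(sgbox_filter "$@") || return 1
    printf 'tcpdump -nn -i any -c 50 %s\n' "$filter"
}

# Count packets per "source IP -> destination port" from tcpdump -nn output,
# so a source sending to 1514 instead of 514 stands out immediately.
sgbox_summarise() {
    awk '$2 == "IP" {
        src = $3;  sub(/\.[0-9]+$/, "", src)      # strip the source port
        port = $5; sub(/:$/, "", port); sub(/^.*\./, "", port)
        n[src " -> port " port]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# Constructed sample of what "tcpdump -nn host 192.168.2.9" might print.
SAMPLE='13:12:16.000001 IP 192.168.2.9.51423 > 192.168.2.10.514: SYSLOG, length: 120
13:12:16.000002 IP 192.168.2.9.51423 > 192.168.2.10.514: SYSLOG, length: 98
13:12:16.000003 IP 192.168.2.9.40210 > 192.168.2.10.1514: UDP, length 77'

sgbox_tcpdump_cmd ip 192.168.2.9
printf '%s\n' "$SAMPLE" | sgbox_summarise
```

On the collector itself, pipe the real `tcpdump -nn` output into `sgbox_summarise` instead of `$SAMPLE`; a source that appears only against an unexpected port is misconfigured on the sending side, not on SGBox.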