Hi,
I'm trying to collect logs from web servers, but I'm getting an error on the firewall that says "tcp-rst-from-server" on port 9997. Also, I have another error, "tcp-rst-from-client", on port 8089.
I have to say that there are other servers in the same VLAN that I'm getting logs from.
Where can I look to solve the problem?
Is it a question about Splunk or about the web servers?
TCP reset from client or from servers is a layer-2 error which refers to an application layer related event.
It can be described as "the client or server terminated the session but I don't know why".
You can look at the application (http/https) logs to see the reason.
Hi @sbaror11,
The question is about Splunk - I wondered if maybe Splunk somehow denied the connection, or if I missed some configuration that is preventing me from getting the logs.
I had a kind of issue with "aged-out" errors in the FW logs, then I figured out that the local FW on the Splunk servers denied the connection.
Hi,
Did you find your solution?
I have the same issue between a UF on Windows server AD and a UF Relay.
Thanks
