Documentation Center
AlienVault® USM Appliance™

How to Troubleshoot OTX Replication Between Sensor and Server

Version: 5.x
Deployment: All deployments

The following topic addresses troubleshooting OTX replication failing when port 6380 traffic is blocked between a AlienVault USM Appliance remote sensor and the USM Appliance Server or USM Appliance All-in-One.

When the firewall blocks port 6380, the sensor is unable to query the redis-server running on the USM Appliance All-in-One or USM Appliance Server.

  1. Prior deploying a new Sensor Check the following port availability on the USM Appliance Server or All-in-One and Sensor
  2. iptables -nvL

    OUTPUT:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

  3. Add the Sensor to the All-in-One or Server and Confirm that port 6380 is open automatically

iptables -nvL

OUTPUT:

Sensorhost:/# iptables -nvL | grep 6380

0 0 ACCEPT tcp -- * * 127.0.0.1 0.0.0.0/0

state NEW tcp dpt:6380

0 0 ACCEPT tcp -- * * 192.168.128.10 0.0.0.0/0

state NEW tcp dpt:6380

The automatic opening and closing of port 6380 on USM Appliance Appliances has been resolved post-5.1 release and upon adding or removing the sensor, the port will automatically be opened or closed on demand.

If you are running USM Appliance All-in-One, Server or Sensor prior to version 5.1, you can manually add the correct Server/Sensor IP through the rule below.

  1. Check on the firewall device that resides between the USM Appliance All-in-One or Sever and Sensor and open port 6380 TCP.
  2. For prior to 5.1 USM Appliance All-in-One, Servers or Sensor, create the following firewall rule as required

-A INPUT -p tcp -m state --state NEW -m tcp --dport 6380 -s 127.0.0.1 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 6380 -s 192.168.128.10 -j ACCEPT