We currently have a problem that a DataMiner driver does not receive certain traffic (syslog messages) although we can prove with Wireshark that all required traffic actually arrives at the correct network interface of the DataMiner agent. What is the best way to troubleshoot this further?
Make sure you have checked that Windows firewall is not blocking external traffic on that port. You can do so by adding an inbound rule on the UDP Port 514 (the syslog port).
Wireshark’s capturing engine, WinPcap, actually gets access to incoming packets before Windows firewall. So it makes sense that you would see it in Wireshark yet still be blocked from the DMA/driver.
Source: https://serverfault.com/questions/624952/can-firewall-block-packets-visible-in-wireshark#:~:text=1%20Answer&text=Yes.,firewall%20running%20on%20the%20PC.