Hi John,
The collector is successfully added to the console and it's showing active in console. I am trying to send logs from my windows machine but its showing connection failed for the tcp 514. This is the output i am receiving when i am doing netstat on collector.
[root@ec1 ~]# netstat -nlp | grep 514
tcp6 0 0 :::1514 :::* LISTEN 27966/syslog-ng
udp6 0 0 :::514 :::* 20641/java
udp6 0 0 :::1514 :::* 27966/syslog-ng
unix 2 [ ACC ] STREAM LISTENING 1395514 26639/master private/discard
[root@ec1 ~]#
------------------------------
Hamdan Shakeel
------------------------------
Original Message:
Sent: Thu September 11, 2025 05:29 AM
From: John Dawson
Subject: IBM QRadar Node License Issue
Hi Hamdan
Is the EC listening on 514 for UDP? If so do you have any TCP syslog logsources defined for that EC?
Are there any logs coming to the console for the EC? Has the EC been added to the deployment and connected to a console or EP?
Thanks
------------------------------
John Dawson
Qradar Support Architect
IBM
Original Message:
Sent: Wed September 10, 2025 07:03 PM
From: Hamdan Shakeel
Subject: IBM QRadar Node License Issue
Dear Team,
I installed event collector and on event collector tcp 514 is not listening when i did the netstat and i believe all my 22 node licenses are consumed. Now i want to delete one old event collector and want to assign that event collector node license to the new event collector. Please let me know if i remove that event collector from console then the node license will free up automatically or i have to clear from backend and if yes then what will be the steps to cleanup from backend and free that node license.Please help me with immediate support.
Regards
Hamdan Shakeel
------------------------------
Hamdan Shakeel
------------------------------