IBM QRadar

Unable to receive logs in log activity.

  • 1.  Unable to receive logs in log activity.

    Posted Fri February 12, 2021 10:28 AM

    Hello,

    I have successfully installed and configured IBM QRadar Community Edition 7.3.3, and I am sending logs from my Ubuntu machine through rsyslog to QRadar.

    I can see the logs over tcpdump using the command "tcpdump -i enp0s17 port 514" but cannot see the logs in the Log Activity tab of the web interface.

    I have also added the log source manually for the Ubuntu machine.

    Rsyslog.conf (Ubuntu)

    *.* Support Member:514



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Unable to receive logs in log activity.

    Posted Fri February 12, 2021 10:34 PM

    Hi,

    This sounds like your CE hits this issue: www.ibm.com/support/pages/node/6395080

    Please check this first. Just run this command as described in this support note.

    /opt/qradar/support/all_servers.sh -Ck 'if [ -f /opt/qradar/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/ecs/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ; fi ; if [ -f /usr/eventgnosis/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /usr/eventgnosis/ecs/license.txt ; fi ; if [ -f /opt/qradar/conf/templates/ecs_license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/conf/templates/ecs_license.txt ; fi'

    Verify whether events are received after you've applied this command.

    Regards,

    Ralph



    #QRadar
    #Support
    #SupportMigration
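
A read-only check to run after the command in the reply above, added here as an example and not part of the original post or the IBM support note: it walks the same six license file paths and reports whether each file that exists holds exactly the expected string. The function name, the optional root prefix argument and the OK/MISMATCH/ABSENT labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify the license files that the
# one-liner in the reply rewrites. Runs on the local host only and reads,
# never writes.

# The six paths named in the reply's command.
LICENSE_PATHS="
/opt/qradar/ecs/license.txt
/opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt
/opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt
/opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt
/usr/eventgnosis/ecs/license.txt
/opt/qradar/conf/templates/ecs_license.txt
"

# check_license_files EXPECTED [ROOT]
#   EXPECTED  the exact string the support note tells you to write
#   ROOT      hypothetical path prefix, for trying the check on a scratch tree
# Prints one status line per path. Exit status:
#   0  every existing file matches EXPECTED byte for byte
#   1  at least one existing file differs (including a trailing newline,
#      which the reply's "echo -n" does not write)
#   2  none of the files exist under ROOT
check_license_files() (
    expected="$1"
    root="${2:-}"
    found=0
    bad=0
    for p in $LICENSE_PATHS; do
        if [ ! -f "$root$p" ]; then
            echo "ABSENT   $p"
            continue
        fi
        found=$((found + 1))
        # cmp compares bytes, so stray whitespace is reported as a mismatch.
        if printf '%s' "$expected" | cmp -s - "$root$p"; then
            echo "OK       $p"
        else
            bad=$((bad + 1))
            echo "MISMATCH $p"
        fi
    done
    [ "$found" -gt 0 ] || exit 2
    [ "$bad" -eq 0 ]
)

# Usage on the QRadar console: check_license_files '<string from the support note>'
```

ABSENT lines are expected on a healthy system, since the original command also skips any path that does not exist.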