Hello,
I have a CentOS 5.10 VM on my site where Syslog is configured to forward logs to a QRadar Event Collector on the same network.
When testing with Telnet on ports 514 and 1514 towards the QRadar EC IP, I can confirm that packets are reaching the QRadar EC (verified via tcpdump).
However, after configuring Syslog with the following line:
no logs appear in QRadar.
Could this be related to a configuration requirement specific to this Linux version? Is there a different setup needed on CentOS 5.10 for Syslog to properly forward logs to QRadar?
Thank you in advance for your support.
Best regards,