IBM Security QRadar

 View Only
Expand all | Collapse all

QRadar DLC - Disconnected Log Collector

  • 1.  QRadar DLC - Disconnected Log Collector

    Posted Tue November 17, 2020 06:51 AM
    Hi my friends! I hope you're all are healthy!

    Does anyone have a general overview of the necessary steps to install DLC in a 7.4.1 QRadar All-in-one environment?

    Few months ago I installed a DLC without big challenges, but now I'm trying without succes.

    The previous version I just created a DSM Universal Log Source with protocol type DLC and that's it. Now this options isn't enough to start the 32500 udp port and the messages from DLC never appear into log activity.

    Help please!

    Best,

    ------------------------------
    Eduardo Ellery
    ------------------------------


  • 2.  RE: QRadar DLC - Disconnected Log Collector

    Posted Mon November 30, 2020 09:58 AM
    If 32500 is not opened when you deployed your changes after creating the DLC protocol log source, try restarting ecs-ec-ingress, that should start the listener

    ------------------------------
    Mario Palombo
    ------------------------------