Hello All!
We have an environment using DLC to forward default syslog TCP and UDP to QRadar, and it really works fine. Servers -> DLC (514/UDP or TCP) -> QRadar.
But now it is necessary to use the DLC server to handle TCP Multiline Syslog too. So we used the IBM DLC Guide: we configured and added the new log source in the logSources.json file, the test script runs without any errors, the firewall rules of the DLC were adjusted, and the source server can establish a connection with the TCP Multiline port open on the DLC server.
But when we send logs to the DLC on the TCP Multiline port, the logs are seen in tcpdump arriving at the DLC, but they aren't forwarded to QRadar.
Has anyone else had the same problem and managed to resolve it?
Thank you in advance.
------------------------------
Rodrigo Teixeira
------------------------------