Not listening for syslogs on 514 port

View Only

Expand all | Collapse all

Not listening for syslogs on 514 port

Jump to Best Answer

1. Not listening for syslogs on 514 port

0 Like
Francois Ihry
Posted Mon February 22, 2021 10:24 AM

Reply
I installed a fresh QRadar community, and have configured a syslog event source.

But QRadar is not listening on the 514 port (no TCP nor UDP)

Do you have any idea ?

Here is the output of netstat:

[root@localhost ~]# netstat -nlp|grep 514 tcp6 0 0 :::1514 :::* LISTEN 24177/syslog-ng udp6 0 0 :::1514 :::* 24177/syslog-ng

Many thanks for your help !

------------------------------
Francois Ihry
------------------------------
2. RE: Not listening for syslogs on 514 port
Best Answer

1 Like
IBM Champion

Ralph Belfiore
Posted Mon February 22, 2021 01:32 PM

Reply
Hi Francois,

you have to apply this fix first:

if [ -f /opt/qradar/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/ecs/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ; fi ; if [ -f /usr/eventgnosis/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /usr/eventgnosis/ecs/license.txt ; fi ; if [ -f /opt/qradar/conf/templates/ecs_license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/conf/templates/ecs_license.txt ; fi

Details here:
https://www.ibm.com/support/pages/node/6395080

Regards,
Ralph

------------------------------
Ralph Belfiore
IT Security Senior Consulting
pro4bizz GmbH
Karlsruhe
+49 721 90981720
------------------------------

Original Message
3. RE: Not listening for syslogs on 514 port

0 Like
Francois Ihry
Posted Tue February 23, 2021 03:08 AM

Reply
Thank you Ralph, it was exactly that.

------------------------------
Francois Ihry
------------------------------

Original Message

IBM Security QRadar

Not listening for syslogs on 514 port

Francois IhryMon February 22, 2021 10:24 AM

Ralph BelfioreMon February 22, 2021 01:32 PMBest Answer

Francois IhryTue February 23, 2021 03:08 AM

1. Not listening for syslogs on 514 port

2. RE: Not listening for syslogs on 514 port Best Answer

3. RE: Not listening for syslogs on 514 port

2. RE: Not listening for syslogs on 514 port
Best Answer