IBM Security QRadar

View Only

Expand all | Collapse all

Not listening for syslogs on 514 port

Jump to Best Answer

1. Not listening for syslogs on 514 port

0 Recommend
Francois Ihry
Posted 4 days ago

Reply Reply Privately

Mark As Inappropriate
I installed a fresh QRadar community, and have configured a syslog event source.

But QRadar is not listening on the 514 port (no TCP nor UDP)

Do you have any idea ?

Here is the output of netstat:

[root@localhost ~]# netstat -nlp|grep 514 tcp6 0 0 :::1514 :::* LISTEN 24177/syslog-ng udp6 0 0 :::1514 :::* 24177/syslog-ng

Many thanks for your help !

------------------------------
Francois Ihry
------------------------------
Reason for Moderation

Describe the reason this content should be moderated (required)
2. RE: Not listening for syslogs on 514 port
Best Answer

1 Recommend

Francois Ihry
Ralph Belfiore
Posted 4 days ago

Reply Reply Privately

Mark As Inappropriate
Hi Francois,

you have to apply this fix first:

if [ -f /opt/qradar/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/ecs/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ; fi ; if [ -f /usr/eventgnosis/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /usr/eventgnosis/ecs/license.txt ; fi ; if [ -f /opt/qradar/conf/templates/ecs_license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/conf/templates/ecs_license.txt ; fi

Details here:
https://www.ibm.com/support/pages/node/6395080

Regards,
Ralph

------------------------------
Ralph Belfiore
IT Security Senior Consulting
pro4bizz GmbH
Karlsruhe
+49 721 90981720
------------------------------

Original Message
Reason for Moderation

Describe the reason this content should be moderated (required)
3. RE: Not listening for syslogs on 514 port

0 Recommend
Francois Ihry
Posted 4 days ago

Reply Reply Privately

Mark As Inappropriate
Thank you Ralph, it was exactly that.

------------------------------
Francois Ihry
------------------------------

Original Message
Reason for Moderation

Describe the reason this content should be moderated (required)

IBM Security Community

Learn, Network, Share. In this user community of over 10,000 members, we work together to overcome the challenges of cybersecurity.

Not listening for syslogs on 514 port

Francois Ihry4 days ago

Ralph Belfiore4 days agoBest Answer

Francois Ihry4 days ago

1. Not listening for syslogs on 514 port

2. RE: Not listening for syslogs on 514 port Best Answer

3. RE: Not listening for syslogs on 514 port

Learn, Network, Share. In this user community of over 10,000 members,
we work together to overcome the challenges of cybersecurity.

2. RE: Not listening for syslogs on 514 port
Best Answer