IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Not listening for syslogs on 514 port

Jump to Best Answer

1. Not listening for syslogs on 514 port

Like
Francois Ihry
Posted Mon February 22, 2021 10:24 AM

Reply
I installed a fresh QRadar community, and have configured a syslog event source.

But QRadar is not listening on the 514 port (no TCP nor UDP)

Do you have any idea ?

Here is the output of netstat:

[root@localhost ~]# netstat -nlp|grep 514 tcp6 0 0 :::1514 :::* LISTEN 24177/syslog-ng udp6 0 0 :::1514 :::* 24177/syslog-ng

Many thanks for your help !

------------------------------
Francois Ihry
------------------------------
2. RE: Not listening for syslogs on 514 port
Best Answer

Like
Ralph Belfiore

IBM Champion
Posted Mon February 22, 2021 01:32 PM

Reply
Hi Francois,

you have to apply this fix first:

if [ -f /opt/qradar/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/ecs/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ep/current/eventgnosis/license.txt ; fi ; if [ -f /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/ibm/si/services/ecs-ec/current/eventgnosis/license.txt ; fi ; if [ -f /usr/eventgnosis/ecs/license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /usr/eventgnosis/ecs/license.txt ; fi ; if [ -f /opt/qradar/conf/templates/ecs_license.txt ] ; then echo -n "QRadar:Q1 Labs Inc.:0007634bda1e2:WnT9X7BDFOgB1WaXwokODc:12/31/20" > /opt/qradar/conf/templates/ecs_license.txt ; fi

Details here:
https://www.ibm.com/support/pages/node/6395080

Regards,
Ralph

------------------------------
Ralph Belfiore
IT Security Senior Consulting
pro4bizz GmbH
Karlsruhe
+49 721 90981720
------------------------------

Original Message
3. RE: Not listening for syslogs on 514 port

Like
Francois Ihry
Posted Tue February 23, 2021 03:08 AM

Reply
Thank you Ralph, it was exactly that.

------------------------------
Francois Ihry
------------------------------

Original Message

IBM QRadar

Not listening for syslogs on 514 port

Francois IhryMon February 22, 2021 10:24 AM

Ralph BelfioreMon February 22, 2021 01:32 PMBest Answer

Francois IhryTue February 23, 2021 03:08 AM

1. Not listening for syslogs on 514 port

2. RE: Not listening for syslogs on 514 port
Best Answer

3. RE: Not listening for syslogs on 514 port

Additional
Resources

Office

Quick Links

IBM QRadar

Not listening for syslogs on 514 port

Francois IhryMon February 22, 2021 10:24 AM

Ralph BelfioreMon February 22, 2021 01:32 PMBest Answer

Francois IhryTue February 23, 2021 03:08 AM

1. Not listening for syslogs on 514 port

2. RE: Not listening for syslogs on 514 port Best Answer

3. RE: Not listening for syslogs on 514 port

Additional Resources

Office

Quick Links

2. RE: Not listening for syslogs on 514 port
Best Answer

Additional
Resources