OK, that's probably the issue. Go ahead and create the log source and deploy. That will start the server on port 6514 (it isn't running by default).
------------------------------
Rory Bray
Security and Compliance Architect, Threat Management
IBM
------------------------------
Original Message:
Sent: Mon May 05, 2025 04:17 PM
From: Adem Güler
Subject: Syslog TLS 6514 port issue
I didn't create a log source because the test failed, what I was expecting here was that traffic would be generated and see the source itself.
------------------------------
Adem Güler
Original Message:
Sent: Mon May 05, 2025 04:15 PM
From: Rory Bray
Subject: Syslog TLS 6514 port issue
Did you deploy and re-try the test? It's not obvious but the protocols that listen have to be deployed the first time they are setup.
------------------------------
Rory Bray
Security and Compliance Architect, Threat Management
IBM
Original Message:
Sent: Mon May 05, 2025 04:12 PM
From: Adem Güler
Subject: Syslog TLS 6514 port issue
Hi guys,
I want to transfer the logs of a resource on the cloud to the qradar I use inside, for this I defined a vip towards the public ip and I saw that this step passed through the FW, but these logs do not come to Qradar. When I run netstat -tuln | grep 6514, the output comes blank. When I create a log source on Qradar and test it, I get the following error. what should I do?
Testing SSL connection to [127.0.0.0.1:6514]
Initiating SSL handshake to [127.0.0.1:6514] with a timeout of 10000 ms
Error: Unable to connect to host [127.0.0.1] on port [6514]: Connection refused (Connection refused)
Thanks in advance
------------------------------
Adem Güler
------------------------------