IBM QRadar

  • 1.  TLS Syslog

    Posted 21 days ago

    We had QRadar 7.5.0 Update Package 9 (AIO). One LogSource supports TLS only; therefore, we would like to opt for the TLS syslog solution.
    The LogSource expects three .pem files:
    1. Remote System log CA Certificate File
    2. Remote System log Certificate file
    3. Remote system log private key.

    The above items are shared, and the configuration is done in QRadar as well:

    Server Certificate Type: PEM Certificate and Private Key
    But it's not working; here are the observations:
    1. Test:
       Testing SSL connection to [127.0.0.1:6514]
       Initiating SSL handshake to [127.0.0.1:6514] with a timeout of 10000
       Error: Unable to connect to host [127.0.0.1] on port [6514]: Received fatal alert: handshake_failure.
    2. The pcap was collected in QRadar. I see that the Client Hello and Client Key Exchange requests were received, but QRadar has not responded.

    I am wondering if any detailed MOP/sample config doc is available, or if someone can suggest one.
    Thanks.


    ------------------------------
    Pawan Singh
    ------------------------------


  • 2.  RE: TLS Syslog

    Posted 20 days ago

    Did you try to bundle the full chain into a .p12?



    ------------------------------
    Dusan VIDOVIC
    ------------------------------
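
Before building the bundle the reply asks about, it helps to confirm that the three PEM files from the first post (CA certificate, certificate, private key) actually belong together. The following is an added example, not part of the thread and not QRadar's documented procedure: the file names, the `syslog-tls` alias and the password are constructed placeholders, and the throwaway test PKI exists only so the script runs offline.

```shell
#!/bin/sh
# Added example. File names, alias and password are constructed placeholders.
set -eu

# Throwaway CA + server certificate so the checks below run offline.
make_test_pki() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=syslog.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {  # $1 = cert.pem, $2 = key.pem
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds only if the certificate chains to the given CA file.
chain_verifies() {  # $1 = ca.pem, $2 = cert.pem
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Bundle leaf certificate, private key and CA chain into one PKCS#12 file.
make_p12() {  # $1 = cert, $2 = key, $3 = CA chain, $4 = output, $5 = password
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
    -name syslog-tls -passout "pass:$5" -out "$4"
}

# Number of certificates stored in the bundle (leaf + chain).
p12_cert_count() {  # $1 = bundle.p12, $2 = password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

demo() {
  d=$(mktemp -d)
  make_test_pki "$d"
  key_matches_cert "$d/server.pem" "$d/server.key" && echo "key matches certificate"
  chain_verifies "$d/ca.pem" "$d/server.pem" && echo "chain verifies"
  make_p12 "$d/server.pem" "$d/server.key" "$d/ca.pem" "$d/bundle.p12" example-pass
  echo "certificates in bundle: $(p12_cert_count "$d/bundle.p12" example-pass)"
  rm -rf "$d"
}
demo
```

With real files, call `key_matches_cert` and `chain_verifies` on the supplied PEMs first; a failure in either points at the certificate material rather than at the receiving side.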