Franofcholet
Reputation: 111
QRadar no listening on 514 port
I install a fresh QRadar community, and have configured a syslog event source.
But QRadar is not listening on the 514 port (no TCP nor UDP)
Do you have any idea ?
Here is the output of netstat:
[root@localhost ~]# netstat -nlp|grep 514
tcp6 0 0 :::1514 :::* LISTEN 24177/syslog-ng
udp6 0 0 :::1514 :::* 24177/syslog-ng
Many thanks for your help !
Upvotes: 0
Views: 5307
Answers (1)
thfmn
Reputation: 31
I had the same problem with my fresh QRadar CE 7.3.3 installation. Syslog was not listening on port 514 and no other log events were displayed in real-time stream.
In /var/log/qradar.log the following message showed up:
Apr 10 08:48:43 ::ffff:X.X.X.X [masterdaemon.masterdaemon] [Thread-70] com.eventgnosis.ecs: [INFO] [NOT:0000006000][X.X.X.X/- -] [-/- -]Waiting for valid license...
Finally I found this support article on IBM's support pages. After updating the license file as described in the article everything works fine.
Upvotes: 3
Related Questions
- Unable to send data using QSerialPort
- QML Profiler fails to connect to server
- Sending security access logs
- Qtcpserver return unknown error on listen function only under debugger
- PyQt5 QUdpSocket not binding to address and a port
- QTcpServer listening on address 0.0.0.0
- Connection Lost. Make sure that Qlik Sense is running properly
- Signals not received using QServiceManager
- How to listen to a well-known tcp port using QTcpServer
- How do I watch a serial port with QSocketNotifier (linux)?