QRadar no listening on 514 port

4.6k Views Asked by Franofcholet At 18 February 2021 at 22:06

I install a fresh QRadar community, and have configured a syslog event source.

But QRadar is not listening on the 514 port (no TCP nor UDP)

Do you have any idea ?

Here is the output of netstat:

[root@localhost ~]# netstat -nlp|grep 514
tcp6       0      0 :::1514                 :::*                    LISTEN      24177/syslog-ng
udp6       0      0 :::1514                 :::*                                24177/syslog-ng

Many thanks for your help !

Original Q&A

There are 1 best solutions below

thfmn On 10 April 2021 at 07:20

I had the same problem with my fresh QRadar CE 7.3.3 installation. Syslog was not listening on port 514 and no other log events were displayed in real-time stream.

In /var/log/qradar.log the following message showed up:

Apr 10 08:48:43 ::ffff:X.X.X.X [masterdaemon.masterdaemon] [Thread-70] com.eventgnosis.ecs: [INFO] [NOT:0000006000][X.X.X.X/- -] [-/- -]Waiting for valid license...

Finally I found this support article on IBM's support pages. After updating the license file as described in the article everything works fine.

QRadar no listening on 514 port

There are 1 best solutions below

Related Questions in SYSLOG

Related Questions in QRADAR

Trending Questions

Popular # Hahtags

Popular Questions