Qradar Syslog LinuxOS Fail

Hi Guys,

I forward Syslog (UDP 514) from Redhat5 to Manage Host (Event Collecter & Event Processor). But I cannot see any Log from Redhat5. So I ssh to managed host to troubleshoot and use command:

> tcpdump -s 0 -A host IP_Redhạt and udp port 514

It have Log from Redhat5. But the Console not display.

Services iptables is allow for udp 514. But when I check LISTEN port in Managed host. It only have 1514 Listen port for syslog-ng. Not LISTEN in port 514. Do you guys have any suggestion to troubleshoot this issue?



Leave a Reply