Environment
- CB Defense PSC Console: All Versions
- CB ThreatHunter Console: All Versions
- QRadar SIEM
Symptoms
- QRadar app.log contains Error:[Errno 110] Connection timed out
- CB events are not being imported into QRadar
Cause
QRadar requires either syslog port 514 UDP/TCP (unencrypted) or syslog TLS port 6514 TCP (encrypted) to be open.
Resolution
Ensure that one of the following syslog ports (depending on your syslog configuration) is open on the firewall so that CB events can be imported into QRadar:
- Syslog - Port 514 UDP/TCP (unencrypted)
- Syslog TLS - Port 6514 TCP (encrypted)
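
To confirm that the firewall is the cause, the following added example (not part of the original article or of any vendor tooling) attempts a TCP connection to ports 514 and 6514 and separates a timeout, which is the Errno 110 case from the symptom above, from a refused connection, where the host is reachable but nothing is listening. The host argument and the function names are assumptions for illustration; UDP 514 cannot be verified with a connect test.

```python
import errno
import socket
import sys

# TCP ports named in the article. UDP 514 is connectionless and is not probed here.
SYSLOG_TCP_PORTS = {514: "syslog (unencrypted)", 6514: "syslog TLS (encrypted)"}


def classify_error(exc):
    """Map a socket exception to the most likely cause."""
    code = getattr(exc, "errno", None)
    if isinstance(exc, socket.timeout) or code == errno.ETIMEDOUT:
        # ETIMEDOUT is Errno 110 on Linux: packets silently dropped,
        # typically by a firewall between the two hosts.
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        # Host answered with a reset: reachable, but no listener on the port.
        return "refused"
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=5.0):
    """Return 'open' if a TCP connection succeeds, else the classified failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify_error(exc)


def check_syslog_ports(host, timeout=5.0):
    """Probe both syslog TCP ports and return {port: state}."""
    return {port: probe(host, port, timeout) for port in SYSLOG_TCP_PORTS}


if __name__ == "__main__":
    # Hypothetical usage: pass the syslog destination host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in check_syslog_ports(target).items():
        print(f"{target}:{port} {SYSLOG_TCP_PORTS[port]}: {state}")
```

Run it from the host that originates the syslog connection. A "timeout" result on the configured port matches the symptom described here, while "refused" points at the listener configuration rather than the firewall.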