Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
694
Views
5
Helpful
1
Replies

The Critical message with time out- sending syslogs to SIEM

galin.gospodinov
Level 1
Level 1

‎01-09-2023 01:42 AM

Hello community,

We configure Iron port to send information  mail logs to SIEM (IBM Qradar) using syslog. The configuration is working normally and we can see the logs in the SIEM.

The problem that we have  is that  we  start to receive an Critical message:

"

The Critical message is:

Log Error: Subscription mail_SIEM: connect: Timed out after 5 seconds sending data to syslog server <SIEM_IP>.

Last message occurred 197 times between Mon Jan  9 10:11:45 2023 and Mon Jan  9 11:11:17 2023.

"

Do you know what may be the problem and how we can resolve it ?

Thank you.

Labels:
1 Reply 1

UdupiKrishna
Cisco Employee
Cisco Employee

‎01-14-2023 06:20 PM

If there are multiple ESA(s) connecting to Qradar, i would start by verifying the ESA that are throwing these errors. A general good approach would be to setup a packet capture on the ESA and Qradar. Allow the errors to populate, make a note of the time stamp.

Then review the packet capture according to the timestamp to see what's going wrong.

0 Helpful
Customers Also Viewed These Support Documents