Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1467
Views
5
Helpful
2
Replies

The Critical message with time out- sending syslogs to SIEM

galin.gospodinov
Level 1
Level 1

‎01-09-2023 01:42 AM

Hello community,

We configure Iron port to send information  mail logs to SIEM (IBM Qradar) using syslog. The configuration is working normally and we can see the logs in the SIEM.

The problem that we have  is that  we  start to receive an Critical message:

"

The Critical message is:

Log Error: Subscription mail_SIEM: connect: Timed out after 5 seconds sending data to syslog server <SIEM_IP>.

Last message occurred 197 times between Mon Jan  9 10:11:45 2023 and Mon Jan  9 11:11:17 2023.

"

Do you know what may be the problem and how we can resolve it ?

Thank you.

Labels:
2 Replies 2

Udupi Krishna.
Cisco Employee
Cisco Employee

‎01-14-2023 06:20 PM

If there are multiple ESA(s) connecting to Qradar, i would start by verifying the ESA that are throwing these errors. A general good approach would be to setup a packet capture on the ESA and Qradar. Allow the errors to populate, make a note of the time stamp.

Then review the packet capture according to the timestamp to see what's going wrong.

0 Helpful

Jessi Patterson
Level 1
Level 1

‎07-29-2025 05:52 AM

I am getting the same critical alert several times a day. Was a resolution for this ever found? 

0 Helpful
Customers Also Viewed These Support Documents