Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1981
Views
1
Helpful
2
Replies

No logs on QRADAR from AMP event stream

Vijay.Reddy
Level 1
Level 1

‎01-29-2021 07:58 AM

Hello all 

 

i have created an event stream and configured the queue on siem to collect events. i was able to verify that events are being collected using Ruby tool. 

Also on my eventcollector i was able to see communication with cisco AMP on tcpdump. 

 

 

However i do not see any logs on QRADAR siem.  

 

The error i see "No events received in 10 minutes. If Automatically Manage Event Stream is set to "No", the Queue Name might be invalid."

 

Any thoughts on this issue ? 

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Tobias.S
Level 1
Level 1

‎08-21-2024 03:34 AM

Old post but will give it a try, did you solve this?

0 Helpful

Matthew Franks
Cisco Employee
Cisco Employee

‎08-21-2024 04:44 AM

Considering the event stream was verified with another tool, this appears to be a configuration issue/error on the Qradar side. I'd suggest asking for their support if it is not working properly once the stream has been verified.

Thanks,

-Matt

Customers Also Viewed These Support Documents