PSC: QRadar Error:[Errno 110] Connection timed out

search cancel

PSC: QRadar Error:[Errno 110] Connection timed out

book

Article ID: 289455

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

QRadar app.log contains Error:[Errno 110] Connection timed out
CB events are not being imported into QRadar

Environment

CB Defense PSC Console: All Versions
CB ThreatHunter Console: All Versions
QRadar SIEM

Cause

QRadar requires either Syslog Port 514 UDP/TCP Port (unencrypted) or Syslog TLS Port 6514 TCP (encrypted) to be open

Resolution

Ensure one of the following syslog ports are open (depending on your syslog configuration) by the firewall so ensure that CB can import events into QRadar:

Syslog - Port 514 UDP/TCP (unencrypted)
Syslog TLS - Port 6514 TCP (encrypted)

Feedback

thumb_up Yes

thumb_down No