QRADAR cannot pull logs from the Log Server after upgrade from R80.10

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk170199
Technical Level
Product	Quantum Security Management, Multi-Domain Management, SmartLog
Version	R80.30, R80.40
OS	Gaia
Date Created	27-Oct-2020
Last Modified	05-Nov-2020

Symptoms

Log Exporter does not send data to IBM QRADAR SIEM correctly. When forwarding logs to IBM QRADAR, according to step 4 of their Troubleshooting guide, "Product" should be mapped to "cat" (instead of action) to make it work with their parser, but this does not happen.
Wrong header and wrong value in "cat" field.
Duplicate product values in "cat" field.
Exported logs contain fields with the same name.

Solution

Note: To view this solution you need to Sign In .