Support Center > Search Results > SecureKnowledge Details
QRADAR cannot pull logs from the Log Server after upgrade from R80.10 Technical Level
Symptoms
  • Log Exporter does not send data to IBM QRADAR SIEM correctly. When forwarding logs to IBM QRADAR, according to step 4 of their Troubleshooting guide, "Product" should be mapped to "cat" (instead of action) to make it work with their parser, but this does not happen.

  • Wrong header and wrong value in "cat" field.

  • Duplicate product values in "cat" field.

  • Exported logs contain fields with the same name.
Solution
Note: To view this solution you need to Sign In .