
Syslog consumption

Troubleshoot Cylance data from the log activities not populating.
  1. Ensure searches are filtered by Log Source Type of Cylance and/or Log Source of CylanceRemoteSyslog.
  2. Ensure the CylanceRemoteSyslog Log Source is configured following syslog configuration.
  3. Ensure proper network configuration.
    • Click the Test Connection hyperlink in the Cylance tenant. You should see Test Connection Successful.
    • Ensure the port is open to receive syslog data. For example, assuming 6514 is being used, run: netstat -an | grep 6514
    • Ensure no network or host firewalls are blocking traffic. Layer 7 firewalls may need to be told to expect TLS/SSL traffic.
      • Use a packet sniffer such as Wireshark to verify the connection is made and data is passed.
      • Inspect QRadar error logs in /var/log/qradar.error to look for any TLS and/or network related messages.
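
The host-side checks from step 3 as a small script. This is an added example, not vendor code: the function names, the keyword list and the sample netstat output are assumptions constructed for illustration. It shows why the listener check should match the LISTEN state and the exact port rather than any line containing 6514.

```bash
#!/bin/sh
# Added example, not vendor code. Function names, the keyword list and the
# sample data below are assumptions constructed for illustration.

# Reads `netstat -an` output on stdin. Succeeds only if a TCP socket is in
# LISTEN state on exactly the given local port, so 6514 does not match 65140
# or an ESTABLISHED session that merely involves that port.
port_is_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, /[:.]/)   # field 4 is the local address
            if (part[n] == port) found = 1
        }
        END { exit !found }'
}

# Prints the lines of an error log that mention TLS/SSL or connection problems.
# The keyword list is an assumption; adjust it to the messages you actually see.
tls_related_messages() {
    grep -Ei 'tls|ssl|certificate|handshake|connection' "$1" || true
}

# Constructed netstat output: a listener on 65140 and a session on 6514,
# but no listener on 6514 itself.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:65140     0.0.0.0:*          LISTEN
tcp        0      0 10.0.0.5:6514     198.51.100.7:40112 ESTABLISHED
tcp6       0      0 :::514            :::*               LISTEN'

if printf '%s\n' "$SAMPLE_NETSTAT" | port_is_listening 6514; then
    echo "6514: listening"
else
    echo "6514: no listener (a plain grep 6514 would have matched two lines)"
fi
```

On the QRadar host, feed it live data with netstat -an | port_is_listening 6514, then run tls_related_messages /var/log/qradar.error.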