Question & Answer
How can you increase QRadar Syslog Event Timeout threshold?
Log Sources that do not send an event within 720 minutes display an error in the Status column.
The following error message appears in the Log Source:
To resolve this issue, there are a couple of options:
- To increase the Syslog Event Timeout threshold, go to Admin > System Settings > Advanced > Syslog Event Timeout (minutes):
- Administrators can also manually generate events from devices that do not send events to IBM Security QRadar SIEM within 720 minutes.
Note: IBM Security QRadar SIEM on Cloud customers will need to open a PMR with the support team to increase this value as they do not have access to these settings.
Where do you find more information?
Was this topic helpful?
16 June 2018