Troubleshooting
Problem
The 'Server port is not specified' message can indicate that an Event Collector is not attached to an Event Processor. When this issue occurs, tcpdump confirms incoming events on the Event Collector, but the Log Activity tab does not display data from the log sources. Administrators who experience this error message can confirm that the Event Collector is attached to an Event Processor.
Symptom
In the qradar.log file, a TCP_TO_EP error is displayed related to the 'Server port is not specified'. For example,
[ecs-ec.ecs-ec] [ECS Runtime Thread] java.lang.RuntimeException: Error attempting to load Event_Collect.hostname.com:ecs-ec/EC/TCP_TO_EP Error : java.lang.RuntimeException: Server port is not specified
[ecs-ec.ecs-ec] [ECS Runtime Thread] Since there isn't a configuration error handler defined, the original error is wrapped in a new RuntimeException
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtEAAQ","label":"Log Activity"}],"ARM Case Number":"TS005445550","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
14 December 2023
UID
ibm16445121