Management

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  STRM not presenting logs anymroe

    Posted 04-04-2021 11:55
    Hi

    We have STRM (hardware machine)
    2013.1.r3.495292 (7.1.0.495292)

    It is not showing logs in the UI anymore
    We are not sure since when this problem because we don't login to this machine on daily bases

    - tcpdump is showing that machine is receiving the logs from other SRXs
    - df -h showing that /var is not at 95% not full
    [root@strm ~]# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda2              20G  4.6G   15G  25% /
    tmpfs                 5.9G     0  5.9G   0% /dev/shm
    /dev/sda1              97M   38M   55M  41% /boot
    /dev/sda8             1.3T  972G  218G  82% /store
    /dev/sda5             9.9G  151M  9.2G   2% /store/tmp
    /dev/sda3             9.4G  3.1G  5.9G  35% /var/log​

    And there is no notifications in the UI:

    So we're not sure what is the problem... It just stopped to present logs in the UI, just like that.

    Not sure what should I search in the qradar log file ..nothing there regarding the disk space or thresholds or errors

    Please advise


  • 2.  RE: STRM not presenting logs anymroe

    Posted 04-05-2021 10:48
    We noticed those messages in the /var/log/messages:

    strm syslog-ng[1885]: Syslog connection failed; fd='41', server='AF_INET(192.168.198.102:514)', error='Connection refused (111)', time_reopen='60'​


    We rebooted the STRM and the issue still occurs

    We also noticed this in log sources, all devices showing error state
    Status: ERROR - Events have not been received from this Log Source in over 720 minutes.
    Last Updated: 2021-03-28 02:59​






  • 3.  RE: STRM not presenting logs anymroe

    Posted 04-16-2021 06:42
    Hi,

    Did you solved the issue?
    I'm facing the same problem.
    I noticed that server has restarting status.



    ------------------------------
    TOMASZ KARCZEWSKI
    ------------------------------



  • 4.  RE: STRM not presenting logs anymroe

    Posted 04-16-2021 09:37
    No actually I'm still facing the problem
    But mine showing Active status in license

    ------------------------------
    Abed AL-Rahman Bishara
    ------------------------------



  • 5.  RE: STRM not presenting logs anymroe

    Posted 05-04-2021 00:54
    I'm sharing the solution

    https://www.ibm.com/support/pages/updated-qradar-deploy-changes-31-december-2020-can-impact-product-functionality

    ------------------------------
    Abed AL-Rahman Bishara
    ------------------------------