Topic
  • No replies
Naveed Anjum Sadiq
Naveed Anjum Sadiq
2 Posts

Pinned topic Adding QFlow to QRadar SIEM

‏2016-03-11T12:58:41Z | host managed qflow qradar ssh

Hi,

Here in a deployment we are trying to add Qflow as per the following plan:

  • QRadar SIEM 31XX has 4 Network Interfaces
    • eth0 - used for management with IP 192.168.63.252 with gateway 192.168.63.1
    • eth1 - used for log collection with IP 192.168.64.10 without gateway
    • eth2 - used for log collection with IP 192.168.64.9 without gateway
    • eth3 - directly connected with QFlow collector using IP 192.168.64.8
  • IP Address of QFlow collector is 192.168.64.7
  • I added a static route for eth3 and now able to connect with QFlow using SSH from Qradar and vice versa

Now when trying to add QFlow by "Add Managed Host" I get following errors after step 10.

  • [add_host] [main] com.q1labs.configservices.common.ConfigServicesException: Failed to read output from ssh connection on host 192.168.64.7
  • SSH connection or SSH command execution failed. The ip of the host is: 192.168.64.7

Any help regarding this also please confirm:

Is it necessary to use the management IP of console in order to communicate with QFlow, or we can use dedicated cable via some other interface.