Troubleshooting problems

Use this information to troubleshoot any problems with the QRadar® Network Packet Capture appliance.

Slow response rate on simultaneous searches

If you submit five or more searches in quick succession, with auto-download enabled, you might see the following message:
Slow Response: High round-trip time detected for connection to device
In this situation, the user interface can take up to a minute to respond. This is a web browser limitation due to the number of simultaneous connections.

New installation on a Lenovo appliance shows excessive syslog messages

After completing a new installation of IBM® QRadar Network Packet Capture on a Lenovo appliance, the following syslog message appears repeatedly in the /var/log/messages file:
Unable to sync network configuration: Network configuration with more than 1 active connection not allowed.

This message might indicate that the installation process enabled a second Ethernet interface. The warning message is benign and does not impact the packet capture process, but you might want to stop the message from appearing in the log file.

To stop the messages from appearing in your log file, follow these steps:
  1. Log in to the PCAP server as the root user.
  2. On the command line, type nmtui to run the Network Manager Text User Interface Tool.
  3. Select Activate a connection to view the connections list.
  4. If the USB Ethernet connection is active, select the interface and press Enter to deactivate it.

    An active interface is indicated by a * beside the interface name.

  5. Select Back and then select Quit to exit.