Troubleshooting QRadar HA deployments
Use the status of the HA hosts in the System and License Management window to help you troubleshoot.
Status combinations and possible resolutions
The following table describes the possible status settings for
primary and secondary HA hosts. Each status combination requires a
different troubleshooting approach.
Primary HA host status | Secondary HA host status | Possible action |
---|---|---|
Active | Failed or Unknown | Ensure that the secondary host is on, and that you can log on to it as a root user by using SSH. If you can connect, see Restoring a failed secondary HA host. |
Failed or Unknown | Active | Ensure that the primary host is on, and that you can log on to it as a root user by using SSH. If you can connect, see Restoring a failed primary HA host. |
Unknown | Unknown | If you cannot connect to the primary or secondary HA host by using SSH, ensure that your network and hardware configuration is operational. |
Offline | Active | To set the primary host online, see Set the primary HA host online. |
Identifying active hosts
You can identify the most recent active host in your HA cluster by using SSH.
- To display the HA cluster configuration, type the following command:
  /opt/qradar/ha/bin/ha cstate
- Review the following line in the output:
  Local: R:PRIMARY S:ACTIVE/ONLINE CS:NONE P:1:0 HBT:UP RTT:2 1:0 SI:4105589 Remote: R:SECONDARY S:STANDBY/ONLINE CS:NONE P:1.0 HBC:UP RTT:2 I:11753 SI:1382557
- If the output displays Local: R:PRIMARY S:ACTIVE/ONLINE, the primary HA host is the active system.
- If the output displays the following text, Remote: R:SECONDARY S:ACTIVE/ONLINE, the secondary HA host is the active system.
- If the output displays
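
The check in this procedure can be scripted. The following is an added shell example, not IBM code and not part of the original page: it reads `ha cstate` output, takes the Local/Remote line, and prints the role of the side whose state is ACTIVE/ONLINE. The function names, the field layout (inferred from the single sample line above), and the rule that the same test applies whichever host runs the command are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Field layout is assumed from the one sample
# line shown on this page; other lines or fields of `ha cstate` are ignored.

# Constructed sample: the output line quoted in the procedure above.
SAMPLE='Local: R:PRIMARY S:ACTIVE/ONLINE CS:NONE P:1:0 HBT:UP RTT:2 1:0 SI:4105589 Remote: R:SECONDARY S:STANDBY/ONLINE CS:NONE P:1.0 HBC:UP RTT:2 I:11753 SI:1382557'

# side_field SIDE KEY LINE: print the value of KEY: from the Local or Remote
# half of LINE (empty if absent). Runs in a subshell, so variables stay local.
side_field() (
  case $1 in
    Local)  half=${3#*Local:}; half=${half%%Remote:*} ;;
    Remote) half=${3#*Remote:} ;;
    *)      return 0 ;;
  esac
  set -f                          # no globbing while splitting on spaces
  for tok in $half; do
    case $tok in
      "$2":*) printf '%s\n' "${tok#*:}"; return 0 ;;
    esac
  done
)

# active_ha_host: read `ha cstate` output on stdin and print the role
# (PRIMARY or SECONDARY) of the side whose state is ACTIVE/ONLINE.
# Exit 0 = one active side, 1 = none or both, 2 = no Local/Remote line.
active_ha_host() (
  line=$(grep -m1 'Local:.*Remote:') || { echo UNPARSED; return 2; }
  lrole=$(side_field Local R "$line");  lstate=$(side_field Local S "$line")
  rrole=$(side_field Remote R "$line"); rstate=$(side_field Remote S "$line")
  case "$lstate|$rstate" in
    'ACTIVE/ONLINE|ACTIVE/ONLINE') echo BOTH; return 1 ;;
    'ACTIVE/ONLINE|'*)             echo "${lrole:-UNKNOWN}" ;;
    *'|ACTIVE/ONLINE')             echo "${rrole:-UNKNOWN}" ;;
    *)                             echo NONE; return 1 ;;
  esac
)

# On an HA host: /opt/qradar/ha/bin/ha cstate | active_ha_host
printf '%s\n' "$SAMPLE" | active_ha_host
```

The BOTH, NONE and UNPARSED results cover input that matches neither case listed above; they mark output that needs manual review and are not states defined by the product documentation.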