IBM Support

IJ06659: NO ERROR LOGGING WHEN SNMPV3 TRAPS ARE MISCONFIGURED WITH EITHER AUTHENTICATION OR DECRYPTION PASSWORD

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as Permanent restriction.

Error description

  • It has been identified that when SNMPv3 traps are configured to
    be sent into and processed by QRadar, and there is either an
    authentication or decryption password that is misconfigured,
    the traps are not ingested by QRadar and no errors/messages are
    written into the QRadar logging indicating the issue.
    

Local fix

  • No workaround available.
    

Problem summary

  • It has been identified that when SNMPv3 traps are configured to
    be sent into and processed by QRadar, and there is either an
    authentication or decryption password that is misconfigured,
    the traps are not ingested by QRadar and no errors/messages are
    written into the QRadar logging indicating the issue.
    

Problem conclusion

  • This issue has been flagged as a permanent restriction. A
    workaround is provided which resolves the issue.
    

Temporary fix

  • For QRadar versions 728/730, please restart the ecs-ec service
    with the following commands:
    728: 'service ecs-ec restart'
    730: 'systemctl restart ecs-ec'
    
    For 731 and higher please restart the ecs-ec-ingress
    service:'systemctl restart ecs-ec-ingress'
    

Comments

APAR Information

  • APAR number

    IJ06659

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    730

  • Status

    CLOSED PRS

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-05-24

  • Closed date

    2019-12-09

  • Last modified date

    2019-12-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"730","Edition":""}]

Document Information

Modified date:
09 December 2019