IBM Support

IJ16603: AMAZON CLOUD TRAIL LOG SOURCE UNABLE TO PULL LOGS FROM AN S3 BUCKET WHEN A TILDE " ~ " EXISTS IN A FILENAME OR DIRECTORIES

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It has been identified that Amazon CloudTrail Log Source type
    is unable to pull logs from the S3 bucket when a tilde '~' is
    used in filenames or directories.
    The Log Source message when this occurs is similar to the
    following:
    ERROR - Error authenticating with Amazon S3 Bucket - update
    configuration and save or disable/enable the log source to retry
    ERROR - SignatureDoesNotMatch - The request signature we
    calculated does not match the signature you provided. Check
    your key and signing method.
    

Local fix

  • Modify directories and filenames to avoid using tilde '~'
    

Problem summary

  • This fix is available in the weekly auto update for 19 January
    2021 (Build 1610658801) and in the following RPMs on IBM Fix
    Central:
    PROTOCOL-AmazonAWSRESTAPI-7.3-20201202211715.noarch.rpm
    PROTOCOL-AmazonAWSRESTAPI-7.4-20201202211650.noarch.rpm
    

Problem conclusion

  • This fix is available in the weekly auto update for 19 January
    2021 (Build 1610658801) and in the following RPMs on IBM Fix
    Central:
    PROTOCOL-AmazonAWSRESTAPI-7.3-20201202211715.noarch.rpm
    PROTOCOL-AmazonAWSRESTAPI-7.4-20201202211650.noarch.rpm
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ16603

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    732

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-06-05

  • Closed date

    2021-01-27

  • Last modified date

    2021-01-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"732"}]

Document Information

Modified date:
28 January 2021