IBM Support

IJ26656: LOG SOURCES USING THE AKAMAI KONA PROTOCOL CAN STOP PULLING EVENTS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Log Sources configured to use the Akamai Kona RestAPI Protocol
    can stop pulling events when an "UnknownHostException" is
    received by the protocol (eg. DNS issue experienced during
    protocol query).
    Messages similar to the following might be visible in
    /var/log/qradar.log when this issue is occurring:
    ecs-ec-ingress.ecs-ec-ingress] [Akamai Kona REST API Protocol
    Provider Thread: class
    com.q1labs.semsources.sources.akamaikonarestapi.AkamaiKonaRESTAP
    IProvider3427] java .net.UnknownHostException:
    akab-uyyfbgxgw7ainbm3-wssxie3ldbia4l42.cloudsecurity.akamaiapis.
    net:
    akab-uyyfbgxgw7ainbm3-wssxie3ldbia4l42.cloudsecurity.akamaiapis.
    net: unknown error
    

Local fix

  • Toggling the Log Source experiencing the issue can correct
    this issue when it occurs:
    Perform a Disable and then Enable of the affected Log Source.
    

Problem summary

  • Resolves an issue where the test function for new log sources
    created using the Log File Protocol failed to work as expected
    when the following RPM was installed:
    PROTOCOL-LogFileProtocol-7.4-20210706193124.noarch.rpm.
    Nothing would happen and no error was generated in the QRadar
    User Interface when attempting to use the test option.
    
    This fix is available in the weekly auto update for 13 October
    2021 (Build 1634587543) and in the following RPM(s) on IBM Fix
    Central:
    PROTOCOL-AkamaiKonaRESTAPI-7.3-20210917124812.noarch.rpm
    PROTOCOL-AkamaiKonaRESTAPI-7.4-20210923143838.noarch.rpm
    

Problem conclusion

  • This fix is available in the weekly auto update for 13 October
    2021 (Build 1634587543) and in the following RPM(s) on IBM Fix
    Central:
    PROTOCOL-AkamaiKonaRESTAPI-7.3-20210917124812.noarch.rpm
    PROTOCOL-AkamaiKonaRESTAPI-7.4-20210923143838.noarch.rpm
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ26656

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    730

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-07-28

  • Closed date

    2021-10-26

  • Last modified date

    2021-10-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"730"}]

Document Information

Modified date:
27 October 2021