APAR status
Closed as program error.
Error description
Unparsed logs that go to a managed host's SIM Generic log source in 7.5.0 Update Package 4 and later can incorrectly go to the Console's SIM Generic log source. When this issue occurs, payloads that do not parse on a managed host get categorized as SIM Generic; however, the SIM Generic events also display on the Log Activity tab with the Source and Destination IP address of the Console. It is expected that when SIM Generic log source events are parsed by a managed host, the event pipeline does not display them as SIM Generic events received by the Console.
Local fix
No workaround available. APARs identified as 'No workaround available' require a software delivery to resolve. Administrators can subscribe to the APAR to receive updates when software releases are published for this issue.
Problem summary
This issue has been resolved in QRadar 7.5.0 Update Package 6.
Problem conclusion
This issue has been resolved in QRadar 7.5.0 Update Package 6.
Temporary fix
Comments
APAR Information
APAR number
IJ45736
Reported component name
QRADAR SOFTWARE
Reported component ID
5725QRDSW
Reported release
750
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-03-08
Closed date
2023-06-23
Last modified date
2023-06-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
QRADAR SOFTWARE
Fixed component ID
5725QRDSW
Applicable component levels
Document Information
Modified date:
23 June 2023