IBM Support

QRadar: Deploy Changes continually times out due to a permission issue

Troubleshooting


Problem

This technote describes an issue where a deploy changes might time out when the permissions are modified for the /opt/qradar/conf directory.

Symptom

When an administrator clicks Deploy Changes from the Admin tab, the system attempts to complete the operation, but eventually displays a timeout message.

When a permissions issue is the root cause, the following messages may be seen in /var/log/qradar.error

Feb 28 05:00:00 IP Address [tomcat] [Thread-16009] ComponentOutput: [ERROR] [NOT:0000003000][IP Address/- -] [-/- -]ErrorStream postDeployScripts: mv: cannot move `/tmp/nvaconf.temp.OCx5hT.sorted' to `/opt/qradar/conf/nva.conf': Permission denied.

Cause

The permission level assigned to the /opt/qradar/conf directory might have been changed.

Diagnosing The Problem

The administrator should review the permissions and ownership that is assigned to the configuration directory for QRadar.

Procedure

  1. Using SSH, log in to QRadar as the root user.
  2. To verify the permission level, type the following command: ls -ld /opt/qradar/conf.
  3. Review the permissions and ownership that is assigned to the /opt/qradar/conf directory.

    The permissions should be: drwxrwxr-x. 29 nobody nobody 45056 Feb 27 14:36 conf.

    Example screen capture:


    If the owner and group of the directory have changed, deploys may fail because the Tomcat process which performs the deploy needs to run as nobody nobody.


Resolving The Problem

The administrator must correct the permissions or ownership of the directory by using the appropriate chmod and chown commands. The owner of the directory must be nobody nobody.


Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Admin Console","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3;7.2","Edition":""}]

Document Information

Modified date:
16 June 2018

UID

swg21666080