QRadar: Problem Gathering or Parsing Events From Bluecoat Device

Troubleshooting

Problem

The customer created new bluecoat devices Log Source that uses FTP protocol and is getting the following error message []INFO - Authentication Status: Successful INFO - File Transfer Status: File(s) transferred successfully ERROR - Event Collection Status: Problem gathering/parsing events[]

Symptom

The qradar.error log file shows the following error:

Mar 12 07:45:23 10.x.x.x [ecs] [FTP Provider Protocol Provider Thread: class com.q1labs.semsources.sources.remote.transferprotocol.ftp.FTPProvider470] com.q1labs.semsources.sources.remote.transferprotocol.ftp.FTPProvider: [ERROR] [NOT:0000003000][10.x.x.x/- -] [-/- -]unable to process remote stream reference: file pre-processing failed

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3;7.2","Edition":"All Editions","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Tips

QRadar: Problem Gathering or Parsing Events From Bluecoat Device

Troubleshooting

Problem

Symptom

Log InLog in to view more of this document

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?