QRadar: How to determine the current transfer rate of a store and forward appliance

Question & Answer

Question

When my 15xx Store and Forward appliance is set to send data at a specific rate (KB/s), is there a way to tell what the actual transfer rate is from the appliance to know that I am not exceeding my restriction?

Answer

To understand the current event rate, the administrator can monitor the appliance by reviewing the log in /var/log/qradar.log.

Procedure

Using SSH, log in to the QRadar Console.
Using SSH, connect to the Store and Forward appliance.
To determine the bandwidth RATE restriction, type: grep "BandwidthMonitor" /var/log/qradar.log
The command line will display the RATE that bandwidth has been restricted to on the Store and Forward appliance.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Log Activity","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.0;7.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: How to determine the current transfer rate of a store and forward appliance

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?