Question & Answer
Question
When my event collector is set to send data at a specific rate (KB/s), is there a way to tell what the actual transfer rate is from the appliance to know that I am not exceeding my restriction?
Answer
To understand the current event rate, the administrator can monitor the appliance via CLI by reviewing the log in /var/log/qradar-bm.log.
Procedure
Procedure
- Using SSH, log in to the QRadar Console.
- Using SSH, connect to the Store and Forward appliance.
- To determine the bandwidth RATE restriction, use the following command:
tac /var/log/qradar-bm.log | grep "BandwidthMonitor" -m 1
QRadar also has the following 2 standard Linux monitoring tools that you can use to monitor the network bandwidth of the appliance's network interfaces:
- ifstat
- dstat
For more information about bandwidth requirements for an event collector, read the documentation:
Bandwidth for managed hosts
Bandwidth for managed hosts
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtiAAA","label":"Performance"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]
Was this topic helpful?
Document Information
Modified date:
30 May 2023
UID
swg21690493