IBM Support

QRadar: How to determine the current transfer rate of an event collector via CLI

Question & Answer


Question

When my event collector is set to send data at a specific rate (KB/s), is there a way to tell what the actual transfer rate is from the appliance to know that I am not exceeding my restriction?

Answer

To understand the current event rate, the administrator can monitor the appliance via CLI by reviewing the log in /var/log/qradar-bm.log.

Procedure
  1. Using SSH, log in to the QRadar Console.
  2. Using SSH, connect to the Store and Forward appliance.
  3. To determine the bandwidth RATE restriction, use the following command:
    tac /var/log/qradar-bm.log | grep "BandwidthMonitor" -m 1
    The output shows the RATE to which bandwidth has been restricted on the event collector.

QRadar also has the following 2 standard Linux monitoring tools that you can use to monitor the network bandwidth of the appliance's network interfaces:

  • ifstat
  • dstat

For more information about bandwidth requirements for an event collector, read the documentation:
Bandwidth for managed hosts
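
The interface-level view that ifstat and dstat give can also be scripted from the kernel's own counters and compared with the RATE value shown in step 3. This is an added example, not IBM's code: the interface name and the limit are typed in by the operator, 1 KB is assumed to be 1024 bytes, and the figure covers all traffic leaving the interface, not only event forwarding.

```shell
#!/bin/sh
# Added example (not IBM code): sample an interface's transmit counter and
# compare the measured rate with a limit given by the operator. It does not
# read or parse qradar-bm.log; copy the limit from the step 3 output.

# tx_bytes IFACE -> cumulative bytes transmitted, from the kernel counters
tx_bytes() {
    cat "/sys/class/net/$1/statistics/tx_bytes"
}

# rate_kbs PREV CUR SECONDS -> average KB/s over the interval
# (assumption: 1 KB = 1024 bytes). Prints -1 when the counter went backwards
# (interface reset or counter wrap) or the interval is not positive.
rate_kbs() {
    prev=$1; cur=$2; secs=$3
    if [ "$secs" -le 0 ] || [ "$cur" -lt "$prev" ]; then
        echo -1; return 0
    fi
    echo $(( (cur - prev) / 1024 / secs ))
}

# verdict RATE LIMIT -> OK, OVER, or SKIP for an unusable sample
verdict() {
    if [ "$1" -lt 0 ]; then echo SKIP
    elif [ "$1" -gt "$2" ]; then echo OVER
    else echo OK
    fi
}

# monitor IFACE LIMIT_KBS [INTERVAL_SECONDS] [SAMPLES]
monitor() {
    iface=$1; limit=$2; interval=${3:-5}; samples=${4:-12}
    last=$(tx_bytes "$iface") || return 1
    i=0
    while [ "$i" -lt "$samples" ]; do
        sleep "$interval"
        now=$(tx_bytes "$iface") || return 1
        r=$(rate_kbs "$last" "$now" "$interval")
        printf '%s %s tx=%s KB/s limit=%s KB/s %s\n' \
            "$(date '+%H:%M:%S')" "$iface" "$r" "$limit" "$(verdict "$r" "$limit")"
        last=$now
        i=$((i + 1))
    done
}

# Runs only when called with arguments, e.g.: sh txrate.sh eth0 500 5 12
if [ "$#" -ge 2 ]; then
    monitor "$@"
fi
```

Because the counter includes management and SSH traffic on the same interface, a reading under the limit confirms compliance, while a reading over it needs a closer look before it is attributed to event forwarding.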


Document Information

Modified date:
30 May 2023

UID

swg21690493