Question & Answer
Question
Why is /etc/hosts over written with entries that I removed the previous day?
Cause
/etc/hosts.default still has old information
Answer
There must be both an /etc/hosts and /etc/hosts.default file. Edit both /etc/hosts and
/etc/hosts.default and remove incorrect IP addresses to resolve the issue.
/etc/hosts.default and remove incorrect IP addresses to resolve the issue.
Without a valid /etc/hosts file the hostcontext service will not start properly.
Also do not remove the entry for loop back 127.0.0.1, it is required for internal services.
An Error will appear in the logs
ERROR BaseSyslogPortAppender::setSyslogHost::invalid syslog host:localhost
[{"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.2;7.3","Edition":"Enterprise","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
27 October 2022
UID
swg21962427