To confirm whether the QRadar appliance reports 'Response is empty:' messages, run the following command:
journalctl -xu hostcontext | grep "Response is empty"
Diagnosing The Problem
- To verify whether the wget request can complete on a managed host, type the following command:
wget --no-check-certificate --server-response "https://127.0.0.1/console/"
- If the proxy is blocking the connection, the following message is displayed on the screen:
--2020-05-16 13:18:55-- https://127.0.0.1/console/
Resolving proxyname.server.com (proxyname.server.com)... 192.0.2.100
Connecting to proxyname.server.com (proxyname.server.com)|192.0.2.100|:3128... connected.
Proxy tunneling failed: Service UnavailableUnable to establish SSL connection.
The Proxy tunneling failed message indicates that the wget request is routed through the proxy and cannot complete. The name and port of the proxy server are specified in the output. The proxy is unable to complete the request due to an SSL issue.
Resolving The Problem
To work around this issue, use one of the following methods:
Method 1: allowlist wget on your proxy
Because the proxy blocks this traffic, you can add an allowlist entry so that wget requests can go through the proxy. The traffic can then traverse the proxy, and the wget requests can be processed.
The wget requests that are used with deploy changes and replication now bypass the proxy and now work.
Method 2: Bypass proxy for all wget requests
To bypass the proxy for wget requests, administrators can edit the wgetrc file on the QRadar appliance to disable the wget configuration from using the proxy settings by default. By default, the QRadar appliances are configured with use_proxy = on, but administrators who experience deploy issues can disable this option.
- Use SSH to log in to IBM QRadar as a root user.
- Optional. Open an SSH session from the QRadar® Console to the managed host that failed to deploy.
- Open /etc/wgetrc in a text editor. For example, type:
- Locate the use_proxy configuration setting. For example, type:
/use_proxy
By default, the use_proxy setting for wget is on.
# If you do not want to use proxy at all, set this to off.
#use_proxy = on
- Press i to start insert mode in the vi editor.
- Set the use_proxy setting to off and remove the leading hash symbol (#). For example:
# If you do not want to use proxy at all, set this to off.
use_proxy = off
- Press Esc to exit insert mode.
- To save your changes, type:
- Restart the hostcontext process for the changes to take effect:
systemctl restart hostcontext
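The following shell helpers are an added example, not part of the original IBM procedure: one reports the effective use_proxy value in a wgetrc file after the edit, the other reads wget output and reports whether the proxy blocked the request. The function names wgetrc_use_proxy and wget_proxy_verdict are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the wgetrc edit and classify wget output.
# Function names are hypothetical; they are not QRadar or wget commands.

# Print the effective use_proxy value ("on" or "off") for a wgetrc file.
# Commented-out lines are ignored, so "#use_proxy = on" leaves the default (on).
# If the setting appears more than once, this script reports the last one.
wgetrc_use_proxy() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = tolower($0)
            if (line ~ /^[ \t]*use_proxy[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", line)   # drop "use_proxy ="
                sub(/[ \t]+$/, "", line)         # drop trailing blanks
                value = line
            }
        }
        END {
            if (value == "off" || value == "no" || value == "0") print "off"
            else print "on"
        }
    ' "$1"
}

# Read wget output on stdin. Prints "proxy-blocked HOST:PORT" when the
# "Proxy tunneling failed" message is present, otherwise "no-proxy-failure".
wget_proxy_verdict() {
    awk '
        /^Connecting to / {
            # Proxy form: "Connecting to name (name)|192.0.2.100|:3128... connected."
            host = $3
            port = $0
            sub(/^.*[|]:/, "", port)
            sub(/\.\.\..*$/, "", port)
        }
        /Proxy tunneling failed/ { failed = 1 }
        END {
            if (failed) print "proxy-blocked " host ":" port
            else print "no-proxy-failure"
        }
    '
}

# Usage on the appliance, with the path and command from the steps above:
#   wgetrc_use_proxy /etc/wgetrc
#   wget --no-check-certificate --server-response "https://127.0.0.1/console/" 2>&1 | wget_proxy_verdict
```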
22 February 2021