Troubleshooting
Problem
A managed host cannot be readed after successfully being removed while being offline or unreachable (UNKNOWN state). The addition process fails when the managed host tries to connect to Tomcat.
Symptom
On the Console WebUI, the addition process will fail with the following error:
The following error appears in /var/log/qradar.log:
[hostcontext.hostcontext] [2c3bfc3c-df07-4ea8-a156-cc0a6642c794/SequentialEventDispatcher] com.q1labs.configservices.capabilities.AddHost: [INFO] [NOT:0000006000][<IP of Console>/- -] [-/- -]Executing presence on host <IP of Managed Host> using console ip <IP of Console>
[hostcontext.hostcontext] [2c3bfc3c-df07-4ea8-a156-cc0a6642c794/SequentialEventDispatcher] com.q1labs.configservices.capabilities.AddHost: [ERROR] [NOT:0000003000][<IP of Console>/- -] [-/- -]Failed to read output from ssh connection on host <IP of Managed Host>
[hostcontext.hostcontext] [2c3bfc3c-df07-4ea8-a156-cc0a6642c794/SequentialEventDispatcher] com.q1labs.configservices.common.ConfigServicesException: Failed to read output from ssh connection on host <IP of Managed Host>
Document Location
Worldwide
[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS004662393","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
29 May 2023
UID
ibm16408992