How To
Summary
This technote shows you how to change your QRadar® CLI timeout period from the default 10 min.
Environment
QRadar 7.4.x / 7.5.x
Steps
Important: Changing this value can conflict with your organization's security policy and requirements. Check the policies and requirements before you make any changes.
- Log in to your Console by using your root account credentials. If you have a nonpriviledged account, use sudo -i or su -.
- Check the current values:
grep ClientAliveInterval /etc/ssh/sshd_config
grep ClientAliveInterval /opt/qradar/conf/ssh/sshd_config.defaults //Note, changes in this file are persistent over logins and reboots.
The default value is expressed in seconds. 600 seconds = 10 minutes.
Expected output:
#ClientAliveInterval 0
ClientAliveInterval 600 - Make a backup copy of both files by running the following command:
mkdir -pv /root/ssh_backup
cp -v /etc/ssh/sshd_config /root/ssh_backup/sshd_config.orig
cp -v /opt/qradar/conf/ssh/sshd_config.defaults /root/ssh_backup/sshd_config.defaults.orig - Open both files in turn in an editor, make changes, and Save and Exit:
- vi /etc/ssh/sshd_config
- vi /opt/qradar/conf/ssh/sshd_config.defaults
- Change the value for ClientAliveInterval from 600 to a value that matches your security policy or requirements.
- Restart the sshd service: systemctl restart sshd
If you need to revert the changes, copy the original files to their original locations with their original file names, and restart the sshd service again.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
22 April 2022
UID
ibm16569163