Troubleshooting
Problem
QRadar Managed Host services check for the license entitlement when they start. The license values are included in the database copy that is transferred regularly to managed hosts from the Console by the replication process.
When a managed host is not able to retrieve the current values of the database, a mismatch occurs and causes the license check failures, services not starting, and the appliance functions are interrupted.
Symptom
The following symptoms can be seen when the issue occurs:
- The managed host state is shown as unknown in the Console's user interface.
- The system notification about license expired or invalid is received in the notifications menu.
- On the managed host's /var/log/qradar.log, the following error is displayed:
[hostcontext.hostcontext] com.q1labs.hostcontext.processmonitor.ProcessManager: [INFO] [NOT:0150114104][/- -] [-/- -]Invalid or expired license detected, stopping all processes.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.4.3"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
26 July 2022
UID
ibm16602519