IBM Support

QRadar on Cloud: How does IBM Support determine the network speed between a QRadar on Cloud console and an attached data gateway?

Question & Answer


Question

How does IBM Support determine the network speed between a QRadar on Cloud console and an attached data gateway?

Answer

There are multiple ways to verify speed between console and managed host.  Some ways are listed in technote "QRadar: Replication bandwidth requirements and verifying speed between console and managed host".  Using the scp instructions on this page, requires a support ticket since QRadar on Cloud Console command-line access is needed.
After a support case is open, IBM Support can use the scp command to determine the network speed between a QRadar on Cloud console and an attached data gateway across the VPN tunnel.
The following instructions can be used for testing the network speed:

IMPORTANT: To get accurate data, it might be necessary to stop hostcontext on the Data Gateway to stop database dumps and the data forwarding to the Console or Event Processor. The event ingestion during the test is not going to be impacted.  When hostcontext is restarted, the events received but not forwarded during the network speed test are sent to the Event Processor.
  1. SSH to the Console and data gateway.
  2. Change to the root directory: 
    cd /root
  3. On the Data Gateway, stop the hostcontext service. 
    touch /opt/qradar/conf/hostcontext.STOP
systemctl stop hostcontext
  4. Create a 1GB file on the console and data gateway to be tested. 
    ​fallocate -l 1G /root/1G.file
  5. Test the data gateway to Console transfer by running the following command on the console, replacing x.x.x.x with the IP address of the data gateway: 
    ​REMOTE_HOST=x.x.x.x;echo;echo; date; echo "Transfer from Console to DG ($REMOTE_HOST)"; \
timeout 120 scp /root/1G.file $REMOTE_HOST:1G.file; echo; date
    Output Example: 
    REMOTE_HOST=10.11.12.13;echo;echo;echo; date; echo "Transfer from Console to DG ($REMOTE_HOST)"; \
> timeout 120 scp /root/1G.file $REMOTE_HOST:1G.file; echo; echo; date
-bash: ​REMOTE_HOST=10.11.12.13: command not found

Fri Oct 21 16:06:58 EDT 2022
Transfer from Console to DG (10.11.12.13)
1G.file                        100% 1024MB  92.6MB/s   00:11

Fri Oct 21 16:07:10 EDT 2022
  6. Test Console to data gateway transfer by running on the console: 
    ​REMOTE_HOST=x.x.x.x;echo;echo; date; echo "Transfer from DG ($REMOTE_HOST) to Console"; \
timeout 120 scp $REMOTE_HOST:/root/1G.file /root/1G.file-incoming; echo; date
    Output Example: 
    REMOTE_HOST=10.11.12.13;echo;echo; date; echo "Transfer from DG ($REMOTE_HOST) to Console"; \
> timeout 120 scp $REMOTE_HOST:/root/1G.file /root/1G.file-incoming; echo; date

Fri Oct 21 18:50:45 EDT 2022
Transfer from DG (10.11.12.13) to Console
1G.file     100% 1024MB 104.2MB/s   00:09                                             

Fri Oct 21 18:50:56 EDT 2022
  7. Clean up the file 1G.file and 1G.file-incoming on all hosts. 
    rm -fv /root/1G.file
rm -fv /root/1G.file-incoming
  8. Start the hostcontext service on the Data Gateway. 
    rm -fv /opt/qradar/conf/hostcontext.STOP
systemctl start hostcontext

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKMKU","label":"IBM QRadar on Cloud"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
27 October 2022

UID

ibm16830113

Page Feedback