QRadar: WebSphere log source that uses SFTP protocol fails with error "The file could not be opened because it is locked by another process"

Troubleshooting

Problem

For new WebSphere log source that uses SFTP protocol, the Test in Log Source Management app passes all the checks, but it does not pull any events.

The log source is in Error state and fails to pull any events.

The following error can be seen in /var/log/qradar.log:

[ERROR] download failure for (E:/Qradar/server1/SystemOut.log), reason: Failed to retrieve file

Caused by: 4: The file could not be opened because it is locked by another process.

Diagnosing The Problem

The permissions on the log files and log folder are confirmed correct, but determined that the log files are locked.

Resolving The Problem

Work with the WebSphere and OS administrators to confirm best method to unlock the log files.

Note: The "owner" files (SystemOut.log.Owner & SystemErr.log.Owner) can be removed from the folder to resolve the issue.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"ARM Case Number":"TS010997790","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

QRadar: WebSphere log source that uses SFTP protocol fails with error "The file could not be opened because it is locked by another process"

Troubleshooting

Problem

Diagnosing The Problem

Resolving The Problem

Document Location

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?