Troubleshooting
Problem
For new WebSphere log source that uses SFTP protocol, the Test in Log Source Management app passes all the checks, but it does not pull any events.
The log source is in Error state and fails to pull any events.
The following error can be seen in /var/log/qradar.log:
[ERROR] download failure for (E:/Qradar/server1/SystemOut.log), reason: Failed to retrieve file
Caused by: 4: The file could not be opened because it is locked by another process.
Diagnosing The Problem
The permissions on the log files and log folder are confirmed correct, but determined that the log files are locked.
Resolving The Problem
Work with the WebSphere and OS administrators to confirm best method to unlock the log files.
Note: The "owner" files (SystemOut.log.Owner & SystemErr.log.Owner) can be removed from the folder to resolve the issue.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"ARM Case Number":"TS010997790","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
03 November 2023
UID
ibm16839679