IBM Support

QRadar: WebSphere log source that uses SFTP protocol fails with error "The file could not be opened because it is locked by another process"



For new WebSphere log source that uses SFTP protocol, the Test in Log Source Management app passes all the checks, but it does not pull any events.
The log source is in Error state and fails to pull any events.
The following error can be seen in  /var/log/qradar.log:
[ERROR] download failure for (E:/Qradar/server1/SystemOut.log), reason: Failed to retrieve file
Caused by: 4: The file could not be opened because it is locked by another process.

Diagnosing The Problem

The permissions on the log files and log folder are confirmed correct, but determined that the log files are locked.

Resolving The Problem

Work with the WebSphere and OS administrators to confirm best method to unlock the log files.
Note: The "owner" files (SystemOut.log.Owner & SystemErr.log.Owner) can be removed from the folder to resolve the issue.

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"ARM Case Number":"TS010997790","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
03 November 2023