IBM Support

QRadar: Time drift on the console affects RestAPI log sources

Question & Answer


Question

Does a time drift on the console cause RestAPI log sources to malfunction?

Answer

A time drift is said to have occurred when your console's time does not match an authoritative time source like the one on the NIST site.

RestAPI log sources are time sensitive. Hence, if there is a time drift on the console, the log source does not pull events from the end device even though the log source is in an OK state.

To verify if there is a time drift on the console, check the current date and time on the console using the date command and compare it with the time from the time source:

# date
Tue Nov  23 09:14:08 IST 2022

If a time drift is noticed, correct it using the following methods:
 

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
24 November 2022

UID

ibm16841427