QRadar: Effects of low bandwidth on replication

How does low bandwidth affect the replication process on managed hosts?


The replication process keeps the database (with the QRadar configuration information) on each managed host up to date.
  • Slow down the replication process since the managed host needs to download the dumps from the console.
  • Prevent the replication process from occurring. This issue eventually stops hostcontext as a security measure since the PostgreSQL Database in the Managed host is not synced up with the PostgreSQL Database in the Console.
The following error is displayed in /var/log/qradar.log when the replication process failed many times.
[ERROR] [NOT:0000003000][X.X.X.X/- -] [-/- -]Cannot synchronize Console and managed host transaction
(timeout): backup_,qradar-ec01,_00000186-0f04-5b7e-0000-000000000000
After the error "Cannot synchronize Console and managed host transaction (timeout)" is displayed, the hostcontext service is stopped to prevent further issues.
To address this issue, administrators must address the network-related constraints with their respective network team and meet the bandwidth requirements, and restart the hostcontext service.
IMPORTANT: Restarting the hostcontext service might temporarily stop event correlation, processing, and searches while the service restarts. Administrators with strict outage policies are advised to complete the next step during a scheduled maintenance window for their organization.
If the replication process does not resume automatically after some minutes, contact QRadar Support for assistance.

