Troubleshooting
Problem
This article explains how to diagnose and resolve when deployment changes fail, especially for the console, due to the FileNotFoundException for files under the /store/tmp directory.
Symptom
When you perform the deployment changes, it directly goes into an error state. And found the following error traces in the qradar.log.
127.0.0.1 [tomcat.tomcat] [xxxxxxxx (1030) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment] java.io.FileNotFoundException: /store/tmp/status/addhost.txt (Permission denied)
127.0.0.1 [tomcat.tomcat] [xxxxxxxx (5985) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment] java.io.FileNotFoundException: /store/tmp/forensics.yar (Permission denied)
Cause
This issue happens because the folder /store/tmp is not a symbolic link to /storetmp. Also, its permission is compared to the /storetmp folder.
Diagnosing The Problem
Use the command ls -l to check whether a symbolic link is created, and the owner must be nobody: nobody. If the output of ls -l /store/tmp is not the same as the following, you need to check the Resolving the problem section.
[root@xxxxx~]# ls -l /store/tmp
lrwxrwxrwx 1 nobody nobody 10 Jan 4 2022 /store/tmp -> /storetmp
Resolving The Problem
Follow the below steps to resolve the issue.
- Create a new Symbolic link by using the following command.
# ln -s /storetmp /store/tmp
- Change ownership of /store/tmp & /store/tmp/status.
# chown -h nobody:nobody /store/tmp # chown -h nobody:nobody /store/tmp/status
- Check the check /store/tmp is a symbolic link, and the owner is nobody.
# ls -l /store/tmp lrwxrwxrwx 1 nobody nobody 10 Jan 4 2022 /store/tmp -> /storetmp/
- Perform the deployment changes.
- Result
After you assign the symbolic link and required ownership, deployment changes will be completed successfully.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS012772811","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
29 August 2023
UID
ibm17001779