Troubleshooting
Problem
Autodetection_config utility can fail with the "401: No SEC header present in request" error if the proper credentials are not used.
Symptom
The Auto Detection utility fails and returns the following error message when the wrong credentials are supplied:
/opt/qradar/support/autodetection_config.py -l
Username: root
Password: **************
[ERROR]: 401: No SEC header present in request. Please provide it via "SEC: token".
You may also use BASIC authentication parameters if this host supports it. e.g.
"Authorization: Basic base64Encoding"
Cause
The error might be presented when:
- The user supplied does not exists in QRadar.
- The incorrect password is entered.
- If the user supplied is not an Admin user, the utility fails with a different error message.
Resolving The Problem
Only admin users are authorized to run the utility to list, disable, or enable auto detection for the different log source types. The utility does not support the use of Security Tokens, basic authentication (existing QRadar admin user and password) must be used.
Note: The utility can be run only from the QRadar Console appliance. QRadar on Cloud administrators must contact support to disable log sources for their Console appliances or use the DSM Editor to disable the auto detection for a DSM.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"ARM Case Number":"TS013230268","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 June 2023
UID
ibm17002771