IBM Support

QRadar: What information to share with support when a JDBC issue is observed

Question & Answer


Question

What information needs to be submitted to effectively diagnose JDBC-related issues in QRadar?

Answer

IBM QRadar support requires the following information to investigate QRadar JDBC-related issues.


1. Screenshot of log source configuration (all tabs).
2. Screenshot of the log source configuration test.
3. End device version.
4. Run the following commands on the QRadar Console and the target Event Collector, and upload the output as a text file for review.

i. To check the connection to the end device server on the port.

# telnet (end device server ip) (Port_number)

ii. To check the network traffic that passes through the system. Attach the tcpdump.output text file for review.

# tcpdump -nnAs0 -i any port (Port_number) > tcpdump.output

iii. To query the installed RPM packages such as common, IBM and JDBC.

# rpm -qa | grep -i Common
# rpm -qa | grep -i Ibm
# rpm -qa | grep -i Jdbc


iv. To check the MD5 checksums of the JAR files.

# find /opt -name 'ojdbc*' | xargs md5sum
# find /opt -name 'orai*' | xargs md5sum
# find /opt -name 'jtds*' | xargs md5sum
# find /opt -name 'mssql-jdbc*' | xargs md5sum

5. Collect get_logs from the QRadar Console and the affected managed host (target Event Collector).
# /opt/qradar/support/get_logs.sh -S -a -q 10
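
The MD5 check in step iv, as an added example that is not part of the IBM document: a shell function (the name jdbc_jar_hashes and the NO_MATCH marker are assumptions of this example) that hashes the four driver patterns from this page and reports a pattern with no matching file explicitly. With GNU xargs, an empty find result still runs md5sum once on empty input, so the output shows the hash of nothing rather than showing that the driver is missing.

```shell
#!/bin/sh
# Added example, not IBM-provided code. jdbc_jar_hashes and the NO_MATCH
# marker are hypothetical names; the four patterns are the ones in step iv.
# Usage on a QRadar host: jdbc_jar_hashes /opt > jdbc_md5sum.txt

jdbc_jar_hashes() {
    root="${1:-/opt}"
    for pattern in 'ojdbc*' 'orai*' 'jtds*' 'mssql-jdbc*'; do
        # The pattern is quoted so the shell cannot expand it against the
        # current directory before find sees it.
        # "! -type d" skips directories but still follows symlinked JARs.
        # "-exec md5sum {} +" hands paths straight to md5sum, so names with
        # spaces survive and md5sum never runs when nothing matches.
        out=$(find "$root" ! -type d -name "$pattern" \
                  -exec md5sum {} + 2>/dev/null | sort -k2)
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
        else
            # Say so explicitly instead of emitting a hash of empty input.
            printf 'NO_MATCH  %s (under %s)\n' "$pattern" "$root"
        fi
    done
}
```
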
 

Refer to "What information be submitted with a QRadar service request" for more information.

Contact QRadar Support for further assistance.


Document Information

Modified date:
26 July 2023

UID

ibm17013057