Troubleshooting
Problem
Steps to resolve defect IJ25819, "java.lang.NoClassDefFoundError" exception.
Symptom
- The ecs-ec-Ingress service can fail to load properly due to:
Error : java.lang.NoClassDefFoundError: com.amazonaws.auth.AWSCredentialsProvider
- Error from /var/log/qradara.log indicating a missing class (java.lang.NoClassDefFoundError):
Oct 2 22:52:46 ::ffff:10.204.251.206 [ecs-ec-ingress.ecs-ec-ingress] [Thread-20] Caused by: java.lang.NoClassDefFoundError: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException
Cause
A missing file from the lib directory.
Resolving The Problem
- SSH into the QRadar as the root user.
- Locate which file includes the missing class:
grep -ir <class_name> /opt/qradar/jars/*
grep -ir com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException /opt/qradar/jars/*
/opt/qradar/jars/aws-java-sdk-1.11.545.jar
matches
- Verify whether the file is missing
- Update the locate command database:
updatedb
- To find the file, run:
locate aws-java-sdk-1.11.545.jar
- Locate the run location:
grep aws-java-sdk-1.11.545.jar /opt/ibm/si/services/ecs-ec-ingress/current/eventgnosis/config/EC_Ingress.xml
Note: If the command says q1labs/AmazonAWSRESTAPI/aws-java-sdk-1.11.545.jar, then check whether the file exists in /opt/ibm/si/services/ecs-ec-ingress/eventgnosis/lib/q1labs/AmazonAWSRESTAPI/.
- Update the locate command database:
- If the file is missing, then copy the file to
/opt/ibm/si/services/ecs-ec-ingress/eventgnosis/lib/q1labs/AmazonAWSRESTAPI/
cp /opt/qradar/jars/aws-java-sdk-1.11.545.jar /opt/ibm/si/services/ecs-ec-ingress/eventgnosis/lib/q1labs/AmazonAWSRESTAPI/
- Force reload of AmazonAWSRESTAPI protocol:
touch /opt/ibm/si/services/ecs-ec-ingress/eventgnosis/lib/q1labs/q1labs_semsources_protocol_amazonawsrest.jar
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
18 September 2023
UID
ibm17028900