Troubleshooting
Problem
The following message might be displayed when you save a Google G Suite Log Source: "Access denied. You are not authorized to read activity records".
Symptom
When you save a Google G Suite Log Source, the following message can be seen in the qradar.log file.
Attempting to access the login application.
Error: An I/O operation failed or was interrupted. Typically occurs due to connection issues. For more information see the "Raw Error Message".
Error: Parameters : Service Account Credentials
Error: 401 Unauthorized
Error: {
Error: "code" : 401,
Error: "errors" : [ {
Error: "domain" : "global",
Error: "location" : "Authorization",
Error: "locationType" : "header",
Error: "message" : "Access denied. You are not authorized to read activity records.",
Error: "reason" : "authError"
Error: } ],
Error: "message" : "Access denied. You are not authorized to read activity records."
Error: }
The following information can also be seen in the qradar.log file.
May 2 18:29:29 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress] [Google G Suite Activity Reports Rest API Protocol Provider Thread: class com.q1labs.semsources.sources.googlegsuiteactivityreportsrestapi.GoogleGSuiteActivityReportsRESTAPIProviderxxx] com.q1labs.semsources.sources.googlegsuiteactivityreportsrestapi.GoogleGSuiteActivityReportsRESTAPIProvider: [ERROR] [NOT:0000003000][xx.xx.xxx.xx/- -] [-/- -]An error occured during execution of provider class com.q1labs.semsources.sources.googlegsuiteactivityreportsrestapi.GoogleGSuiteActivityReportsRESTAPIProviderXXX
May 2 18:29:29 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress] [Google G Suite Activity Reports Rest API Protocol Provider Thread: class com.q1labs.semsources.sources.googlegsuiteactivityreportsrestapi.GoogleGSuiteActivityReportsRESTAPIProviderXXX] com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
Resolving The Problem
To resolve the issue complete the following steps.
- On the QRadar console, confirm the version of the Google G Suite Protocol that is currently installed.
rpm -qa | grep -i googlegsuite
PROTOCOL-GoogleGSuiteActivityReportsRESTAPI-7.5-xxxxxxxxxxxxxx.noarch DSM-GoogleGSuiteActivityReports-7.5-xxxxxxxxxxxxxx.noarch
- To download the Google G Suite Protocol.
- Open your Internet Browser and connect to the IBM FixCentral page.
IBM Support: Fix Central. - In the Product selector search bar type SIEM and then select product 'IBM Security QRadar SIEM '.
- Select the Installed Version, click 7.5.0.
- Platform, select Linux.
- Click on Continue.
- Leave 'Browse for fixes' selected and click on Continue.
- Click on Protocol.
- In the Filter fix details: search bar enter 'google'.
- Click on the Protocol you want to download, this will bring you to the download link.
- Right click on the Download link and select the option 'Copy link'.
- Connect to the QRadar Console, use the wget command to download the rpm file.
Example:
wget <copied_link>wget https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/OSA/0bbdx/0/PROTOCOL-GoogleGSuiteActivityReportsRESTAPI-7.5-xxxxxxxxxxxxxx.noarch.rpm
- Open your Internet Browser and connect to the IBM FixCentral page.
- After the Google G Suite Protocol is downloaded, run the following command to reinstall the Protocol.
yum reinstall -y PROTOCOL-GoogleGSuiteActivityReportsRESTAPI-7.5-xxxxxxxxxxxxxx.noarch.rpm
- When the Google G Suite Protocol is installed, the following message will be displayed.
Installed: PROTOCOL-GoogleGSuiteActivityReportsRESTAPI.noarch 0:7.5-xxxxxxxxxxxxxx
Results: The Google G Suite Log Source can be configured and saved successfully.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 August 2024
UID
ibm17152287