Troubleshooting
Problem
An IP address seen in Log Activity is not resolving hostnames, despite the nslookup command line can resolve DNS lookup for same IP.
Symptom
-
Log in to the QRadar interface.
-
Click Log Activity tab.
-
Using right-click an IP address >More Options >Information>DNS
Results: The lookup gave no result and instead of a hostname an IP address was resolved.
-
Log in to the Console using an SSH session.
-
Type the command nslookup with an IP Address.
Example nslookup 208.67.222.222
Results: This command returns opendns.com as the hostname.
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
02 April 2019
UID
ibm10876744