Troubleshooting
Problem
If a local name server (Bind) is in use on the same network as QRadar, reverse DNS queries can be sent to QRadar to confirm IP and hostname relationships.
If the local IP addresses for QRadar Managed Hosts are not included in PTR records on the local name server, the Operating System of the QRadar host might not be able to respond to the Bind server. If these incidents happen frequently, then the QRadar monitoring engine may receive a high number of unwanted events for unsuccessful reverse lookups. The excessive volume of these kinds of events might have an impact on your license and they are counted as all the other events.
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
30 June 2023
UID
ibm10884544