Question & Answer
Question
What services need to be running in each QRadar appliance?
Answer
IBM QRadar SIEM has three core services:
Tomcat service
The Tomcat service runs only on the Console and manages the HTTPd service to make the user interface available.
Hostcontext service
Hostcontext runs on each appliance in a deployment. It is responsible for starting, stopping, and verifying the status of each component within a deployment. The following table shows Appliances, Appliance type, and Hostcontext subservices.
Appliance | Appliance type | Hostcontext subservices |
---|---|---|
Console | 31xx |
|
Event Collector | 15xx |
|
Event Processor | 16xx |
|
Flow Collector | 12xx |
|
Flow Processor | 17xx |
|
Event/Flow Processor | 18xx |
|
Data Node | 14xx |
|
App Host | 4000 |
N/A
|
Data Gateway | 7000 |
|
QRadar Risk Manager | 700 |
|
QRadar Vulnerability Manager Scanner | 610 |
|
QRadar Vulnerability Manager Processor | 600 |
vis
|
QRadar Incident Forensics | 6000 |
forensicsnode
|
QRadar Network Insights | 6500 |
forensics_realtime
|
Hostservices service
Hostservices runs on each appliance in a deployment. It is responsible for keeping track of base services such as PostgreSQL. The subservices managed by Hostservices include IMQ, Docker, and PostgreSQL.
Appliance | Appliance type | Subservices |
---|---|---|
Console | 31xx |
|
Event Collector | 15xx |
|
Event Processor | 16xx |
|
Flow Collector | 12xx |
|
Flow Processor | 17xx |
|
Event/Flow Processor | 18xx |
|
Data Node | 14xx |
|
App Host | 4000 |
|
Data Gateway | 7000 |
|
QRadar Risk Manager | 700 |
|
QRadar Vulnerability Manager Scanner | 610 |
|
QRadar Vulnerability Manager Processor | 600 |
|
QRadar Incident Forensics | 6000 |
|
QRadar Network Insights | 6500 |
|
For administrators interested in the impact of restarting services, see QRadar: Core services and the impact of restarting services.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 April 2023
UID
ibm16620577