Troubleshooting
Problem
After SNMP is enabled on the QRadar appliances, you might need to test if SNMP is listening and replying to SNMP queries.
Cause
In some cases, network-related issues might prevent SNMP monitors from reaching QRadar® appliances.
Resolving The Problem
The snmpwalk command is a great utility to test whether the QRadar appliance is accepting SNMP requests.
Procedure
- Log in to the QRadar UI as an admin user.
- Click on the Admin tab > System Settings > Advanced.
- Scroll to Embedded SNMP Daemon Settings.
- Verify that the Daemon Port is 8001, the Community String is public, and Enabled = Yes.
- If changes are made, click Save.
Important: Deploy Changes might result in services being restarted. While services are restarting, event processing stops until services restart. Scheduled reports that are in-progress need to be manually restarted by users. Administrators with strict outage policies are advised to complete the next step during a scheduled maintenance window for their organization.
- Click Deploy Changes.
- Use SSH to log in to your Console.
- From the Console, use SSH to connect to the appliance on which you need to test SNMP.
- Use a text editor to update /opt/qradar/conf/iptables.pre with the iptables rule:
-A OUTPUT -m udp -p udp --dport 8001 -j ACCEPT
- To update iptables, run the command:
/opt/qradar/bin/iptables_update.pl
- Run the command:
snmpwalk -Os -c public -v 2c localhost:8001 iso.3.6.1.2.1.1.1
- System description output similar to the following is returned:
sysDescr.0 = STRING: Linux <hostname> 3.10.0-1160.6.1.el7.x86_64 #1 SMP Wed Oct 21 13:44:38 EDT 2020 x86_64
The command confirms that the SNMP service is up and running. Administrators can run this command on all appliances to confirm that they are ready to accept SNMP queries.
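To repeat the check on several appliances, the snmpwalk command from the procedure can be wrapped in a small script that interprets each result. This is an added example, not IBM's code; it assumes net-snmp's snmpwalk is installed and reuses the port, community string and OID shown above, and the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: run the page's snmpwalk check against a list of appliances.
# Assumed values, taken from the procedure above:
PORT=8001
COMMUNITY=public
OID=iso.3.6.1.2.1.1.1

# Classify one snmpwalk result.
#   $1 = snmpwalk exit status, $2 = captured stdout+stderr
# Prints OK, NO_REPLY or ERROR.
classify_reply() {
    if [ "$1" -eq 0 ]; then
        case "$2" in
            *"sysDescr.0 = STRING:"*) echo "OK"; return 0 ;;
        esac
    fi
    case "$2" in
        # No answer: daemon not enabled, community string mismatch,
        # or UDP 8001 blocked between the two hosts.
        *"Timeout: No Response"*) echo "NO_REPLY" ;;
        # Anything else (unknown host, bad option, empty reply).
        *) echo "ERROR" ;;
    esac
}

# Query one appliance with a 2-second timeout and one retry.
check_host() {
    status=0
    out=$(snmpwalk -Os -c "$COMMUNITY" -v 2c -t 2 -r 1 \
        "$1:$PORT" "$OID" 2>&1) || status=$?
    printf '%s\t%s\n' "$1" "$(classify_reply "$status" "$out")"
}

# Usage (hypothetical script name): ./snmp_check.sh host1 host2 ...
for host in "$@"; do
    check_host "$host"
done
```

A NO_REPLY result for an appliance is the cue to recheck the Embedded SNMP Daemon Settings and the iptables rule for that host.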
Document Information
Modified date:
30 June 2021
UID
swg21993313