Question & Answer
Question
How to verify whether the hosts file is accurate?
Cause
Over the life of your QRadar environment the
/etc/hosts
file can grow with:- Duplicate entries after hardware migrations
- Duplicate or incorrect entries after host readds after an IP change or hostname change
- Obsolete entries
- Hardware rebuilds, or VM rebuilds, causing incorrect hashes
Answer
Validate
/etc/hosts
file and /etc/hosts.default on host:
- Are there any duplicate IP addresses?
- Is there any IP present that was decommissioned?
- Is the host short name on the same line with the IP address?
- Is the host fully qualified domain name (FQDN) on the same line with the IP address?
- If high availability (HA) is in use, is the primary, secondary, and VIP present?
- Are default values present, for loopback for example:
127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4 ::1 localhost6.localdomain6 localhost6 localhost.localdomain localhost
- Is the hash present for the Console, usually at the end of the Console's VIP address:
0.0.0.0 conosle.local console a1a1aaaa1a11a111
Note: If you see it missing or suspect it to be incorrect, validate the hash.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwstAAA","label":"Accumulator"},{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"},{"code":"a8m0z000000cwt8AAA","label":"Ariel"},{"code":"a8m0z000000cwtIAAQ","label":"Dashboard"},{"code":"a8m0z000000cwtNAAQ","label":"Deployment"},{"code":"a8m0z000000cwtcAAA","label":"Hardware"},{"code":"a8m0z000000cwtXAAQ","label":"High Availability"},{"code":"a8m0z000000cwtiAAA","label":"Performance"},{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"},{"code":"a8m0z000000cwtdAAA","label":"Upgrade"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]
Was this topic helpful?
Document Information
Modified date:
23 June 2023
UID
ibm17006713