IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Magistrate encountered serious errors

  • 1.  Magistrate encountered serious errors

    Posted Tue May 12, 2020 09:48 AM
    I have an installation (7.3.3.) where the following error appears periodically:
    Magistrate encountered serious errors that may prevent offenses from being updated.

    I follow the recommended instructions to perform a soft clean of the SIM model, however I have no idea if this is doing anything. Offenses appear to be updating as new ones appear, however I am not sure if I should expect to see a message indicating that normal status has resume. QDI still shows the status as "red", but I see no other indication that there is an issue or that events are not being processed normally. Any help would be appreciated. Is there a problem? If so, how can I fix it or should there be an indication that the error has been resolved?

    Thanks!

    ------------------------------
    Ryan
    ------------------------------


  • 2.  RE: Magistrate encountered serious errors

    Posted Wed May 13, 2020 05:15 AM
    'had a same problem in our lab with 7.4.0p1... I guess you are on 7.3.3p3.  'resolved it with upgrade to 7.4.0p2. This is also suggested in the APAR IJ24334 note.

    ------------------------------
    Dusan VIDOVIC
    ------------------------------

    Original Message


  • 3.  RE: Magistrate encountered serious errors

    Posted Wed May 13, 2020 07:28 AM
    Hi Ryan,

    I ran into the same problem, but we only realized when we lost offense creation for 15 hours. This is a bug in 7.3.3 FP3 and there is an Interim Fix for it. Since I upgraded to IF 1 we haven't seen any magistrate warnings.

    Regards,
    Arpad

    ------------------------------
    Árpád Kurtyán
    ------------------------------

    Original Message


  • 4.  RE: Magistrate encountered serious errors

    Posted Wed May 13, 2020 07:39 AM
    I have the same issue with 7.3.3 FP3 but have not lost offense creation and have not applied IF1 just the warning messages.

    ------------------------------
    Bruce Hutchinson
    ------------------------------

    Original Message


  • 5.  RE: Magistrate encountered serious errors

    Posted Wed May 13, 2020 08:58 AM
    Yes, we are on 7.3.3FP3. Thanks for the replies. Good to know that it is a known issue.

    ------------------------------
    Ryan Hitch
    ------------------------------

    Original Message


  • 6.  RE: Magistrate encountered serious errors

    Posted Wed May 27, 2020 12:26 PM
    Same issue on 7.4.0 FP1

    ------------------------------
    George Valentin Stan
    ------------------------------

    Original Message


  • 7.  RE: Magistrate encountered serious errors

    Posted Wed May 27, 2020 04:12 PM
    Updated to 7.4.0 FP2, I'm still seeing the warning, followed the recommended steps, but without success.

    ------------------------------
    George Stan
    ------------------------------

    Original Message


  • 8.  RE: Magistrate encountered serious errors

    Posted Thu May 28, 2020 09:31 AM
    Same here. We updated to 7.4.0 FP2 more than two weeks ago after having observed the message with 7.3.3 FP3. According to IBM it is a known issue (IJ24819 Offense purging can fail in QRadar 7.4.0 FP1 IF01 OR 7.4.0 FP2 when the patching began at QRadar 7.3.3 FP3). Unfortunately, there is still no fix available (opened a PMR on 8th of May) and in our case it does not only have an impact on offense purging but also on offense generation.

    ------------------------------
    Martin Heiz
    InfoGuard AG
    Baar
    ------------------------------

    Original Message


  • 9.  RE: Magistrate encountered serious errors

    Posted Thu May 28, 2020 02:14 PM

    Hi, please note there is an apar for 7.4.

    https://www.ibm.com/support/pages/apar/IJ24334

    Also please note the recommendation for temporarily resolving the issue was to execute a SIM Hard Clean, not a soft clean.

    Greetings,

    Juan.



    ------------------------------
    Juan Ignacio Leon Plaza
    ------------------------------

    Original Message


  • 10.  RE: Magistrate encountered serious errors

    Posted Mon June 01, 2020 12:55 AM

    Hi, I have the same problem and after a Hard clean, with all issues that causes in connected systems, the issues stayed away for one month.

    This time, second occasion, it came back almost instantly. It is definitely not an funny option to do a Hard Clean, especially not when you have connected systems indexing on Offence ID.....



    ------------------------------
    Regards
    Stefan
    ------------------------------

    Original Message


  • 11.  RE: Magistrate encountered serious errors

    Posted Thu May 28, 2020 04:16 AM
    These are both new releases (with a major release) so are not immune to issues.

    Assuming there is nothing obvious in /var/log/qradar.error , this feels like a support call via your IBM support contract is needed to at least allow for log capture and review. 

    Get a ticket raised is what I would recommend anyway.

    Good luck and share what you find.

    ------------------------------
    Darren H.
    ------------------------------

    Original Message