IBM Security QRadar

Same log source is added two times and giving different events, one discovery method was auto discovery and other one was manually discovered and these both same log source is giving different events.

------------------------------
Ather Mobeen
------------------------------

Normally a log source can not exist multiple times, given the identifier and log source type are also the same. There can be multiple log sources for one identifier, given they are all different log source types, for example one Juniper FW log source and a Linux log source with the same hostname as identifier.

For your case, can you check if the identifier is exactly the same. If yes, is also the log source type the same?
Original Message:
Sent: Thu September 03, 2020 03:20 AM
From: Ather Mobeen
Subject: Same Log source added two times

Same log source is added two times and giving different events, one discovery method was auto discovery and other one was manually discovered and these both same log source is giving different events.

------------------------------
Ather Mobeen
------------------------------

can u provide any source to get more info about this issue.

------------------------------
Preeti Batra
------------------------------

Original Message:
Sent: Fri September 04, 2020 12:03 PM
From: Paul Teichmann
Subject: Same Log source added two times

Normally a log source can not exist multiple times, given the identifier and log source type are also the same. There can be multiple log sources for one identifier, given they are all different log source types, for example one Juniper FW log source and a Linux log source with the same hostname as identifier.

For your case, can you check if the identifier is exactly the same. If yes, is also the log source type the same?
Original Message:
Sent: Thu September 03, 2020 03:20 AM
From: Ather Mobeen
Subject: Same Log source added two times

Same log source is added two times and giving different events, one discovery method was auto discovery and other one was manually discovered and these both same log source is giving different events.

------------------------------
Ather Mobeen
------------------------------

The issue is resolved from changing the log parsing order of the devices that are added two times.

------------------------------
Ather Mobeen
------------------------------

Original Message:
Sent: Fri September 04, 2020 12:03 PM
From: Paul Teichmann
Subject: Same Log source added two times

Normally a log source can not exist multiple times, given the identifier and log source type are also the same. There can be multiple log sources for one identifier, given they are all different log source types, for example one Juniper FW log source and a Linux log source with the same hostname as identifier.

For your case, can you check if the identifier is exactly the same. If yes, is also the log source type the same?
Original Message:
Sent: Thu September 03, 2020 03:20 AM
From: Ather Mobeen
Subject: Same Log source added two times

Same log source is added two times and giving different events, one discovery method was auto discovery and other one was manually discovered and these both same log source is giving different events.

------------------------------
Ather Mobeen
------------------------------