Extract of reply sent to Jonathan inadvertently...
Hello Jonathan,
Thank you for the reply.
I went through you, although the steps to get to the diagnosis were different - having determined the app id is issues /opt/qradar/support/qapp_utils_730.py connect xxxx, where xxxx = app id.
We have version 7.3.1 and do not have an IPv6 network.
I don't see any errors being listed in the API logs and we have also set up explicit firewall rules to allow access to the two HTTPS sites. However, still not having any success in connecting to the destination site to pull Mimecast logs down.
Any further thoughts please?
Thank you.
------------------------------
Shjajad Ashraf
------------------------------
Original Message:
Sent: Wed March 27, 2019 10:36 AM
From: Jonathan Pechta
Subject: RHEL, QRADAR and Proxy Server
Shjajad,
I was just writing up an article around this issue, but you did not mention your QRadar version. This is typically something we'd try to resolve via the QRadar Support forums (https://ibm.biz/qradarforums), but if you are on QRadar 7.3.2, see this article: QRadar 7.3.2: How to tune proxy configurations for app containers.
If you are on QRadar 7.3.2, the article I wrote above outlines how apps in QRadar 7.3.2 can inherit the proxy configuration from the Console config, which can replace the proxy config for the app itself and prevent the app container from reaching out to an external data source.
If you are on QRadar 7.3.1, using IPv6 in your network, or having app issues related to the QRadar proxy, you might consider opening a case on this issue here: https://ibm.com/mysupport.
Hope this helps, let me know if you have further questions or concerns. The best place to get quick answers is the QRadar Support forums for these types of issues or by opening a case. We keep a closer eye on the support forums, you can find those here: https://ibm.biz/qradarforums
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
Original Message:
Sent: 03-18-2019 07:15 PM
From: Shjajad Ashraf
Subject: RHEL, QRADAR and Proxy Server
Hello,
What files need to be configured to allow for unauthenticated proxy server set for third party API (Mimecast) to connect to eu-api.mimecast.com?
I have currently set /etc/httpd/conf.d/ssl.conf and /opt/qradar/dca/server.ini as outlined in this KB: IBM QRadar: X-Force Frequently Asked Questions (FAQ) - Updated
Extract from QRADAR Log
Unexpected exception raise while testing connection: Unexcepted error connecting to API.
Exception: HTTPSConnectionPool(host='eu-api.mimecast.com', port=443): Max retries exceeded with url: /api/audit/get-siem-logs (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x3398f50>, 'Connection to eu-api.mimecast.com timed out. (connect timeout=30.0)'))
Thank you.
------------------------------
Shjajad Ashraf
------------------------------