IBM Security QRadar

Hi all again,

on a certain dev. environment the manager doesn't seem to be producing the desired effect - although the GUI shows that the export procedure has been started, no .zip / contents file can be found.

At the same time the qradar.log is exhibiting the following errors:

qradar.log:May 29 15:10:05 IPv6_COMES_HERE [accumulator_rollup.accumulator_rollup] [main] com.q1labs.frameworks.naming.FrameworksNaming: [INFO] [NOT:0000006000][HOST_IP_COMES_HERE/- -] [-/- -]com.ibm.si.content_management.types.ContentVersion.NAME MUST be public, static and not final for naming to help with setting of NAME
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.types.operation.ContentManagerExport.executeBulkOperations(ContentManagerExport.java:164)
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.types.operation.ContentManagerExport.doOperation(ContentManagerExport.java:65)
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.types.operation.ContentManagerOperation.operate(ContentManagerOperation.java:64)
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.ContentManager.operate(ContentManager.java:62)

Has anyone encountered such an issue?

Regarding the bolded part, could it be that the message is due to the fact that not all manifest.txt fields were populated (only the ones marked with * were)?

Many thanks in advance,

kind regards

Hi Vedran,

Those logs appear to be from the accumulator process.  I would suggest you open a support case for this as a full set of logs for analysis would be required.

Thanks

Hi all again,

on a certain dev. environment the manager doesn't seem to be producing the desired effect - although the GUI shows that the export procedure has been started, no .zip / contents file can be found.

At the same time the qradar.log is exhibiting the following errors:

qradar.log:May 29 15:10:05 IPv6_COMES_HERE [accumulator_rollup.accumulator_rollup] [main] com.q1labs.frameworks.naming.FrameworksNaming: [INFO] [NOT:0000006000][HOST_IP_COMES_HERE/- -] [-/- -]com.ibm.si.content_management.types.ContentVersion.NAME MUST be public, static and not final for naming to help with setting of NAME
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.types.operation.ContentManagerExport.executeBulkOperations(ContentManagerExport.java:164)
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.types.operation.ContentManagerExport.doOperation(ContentManagerExport.java:65)
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.types.operation.ContentManagerOperation.operate(ContentManagerOperation.java:64)
qradar.log:May 29 15:14:16 IPv6_COMES_HERE [tomcat.tomcat] [USER_NAME_COMES_HERE]    at com.ibm.si.cmt.ContentManager.operate(ContentManager.java:62)

Has anyone encountered such an issue?

Regarding the bolded part, could it be that the message is due to the fact that not all manifest.txt fields were populated (only the ones marked with * were)?

Many thanks in advance,

kind regards