Hi Blanca, Comghall Morgan is absolutely right with his comments, especially regarding the flatten and reinstall tip. CE is limited as you know even so its kind of AiO. The IP address is stored in a thousand places inside postgres database. Your errorlog shows that tomcat and configservices are not working. When you double check managedhosts table inside database it should show the new IP. Presumably it doesnt.
------------------------------
[Karl] [Jaeger] [#ibmchampion]
[QRadar Specialist]
[cnag]
[Siegen] [Germany]
------------------------------
Original Message:
Sent: Tue February 27, 2024 03:09 AM
From: Blanca Benavent
Subject: Web isn't working
I made it following the oficial website where it tells you that if you want to change the ip from the console you need to do the qchange_netsetup order.
------------------------------
Blanca Benavent
Original Message:
Sent: Mon February 26, 2024 04:35 PM
From: Comghall Morgan
Subject: Web isn't working
Hello,
How did you change the IP?
Was it a manual config change?
The recommended method to change IP is to use qchange_netsetup.
https://www.ibm.com/docs/en/qsip/7.5?topic=nsm-changing-network-settings-qradar-console-in-multi-system-deployment
I have noted this to work in some scenarios and fail in others.
It may be quicker to flatten and reinstall your CE with the new IP.
Regards,
------------------------------
Comghall Morgan
QRadar Support Architect
IBM
Original Message:
Sent: Mon February 26, 2024 05:57 AM
From: Blanca Benavent
Subject: Web isn't working
I have Qradar CE 7.3.3, and after i changed the Ip from 192.168.1.211 to 192.168.0.211 i can't acces to the website, my machine has ping to the qradar and viceversa, i tried to look at the error logs, tomcat, hostcontext and network services are running, i don't know what else i have to check. Things to consider: my qradar has 2 interfaces, a bridge one and a internal net one, I have a page open from my pc to the IP from the bridge interface, and another page on a vm from the internal net open with the internal net IP. Before it worked fine from the two IP's.
These are the logs:
Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at com.q1labs.hostcontext.capabilities.CapabilitiesReporter.reportHostCapabilities(CapabilitiesReporter.java:290)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at com.q1labs.hostcontext.capabilities.CapabilitiesReporter.buildAndReportHostCapabilities(CapabilitiesReporter.java:167)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at com.q1labs.hostcontext.HostContext$4.run(HostContext.java:815)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] Caused by:Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] java.security.cert.CertificateException: Unable to initialize, java.io.IOException: Short read of DER lengthFeb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:268)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at com.ibm.crypto.provider.X509Factory.engineGenerateCertificate(Unknown Source)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:407)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] at com.q1labs.configservices.core.ConfigServicesClient.importCertificateToKeyStore(ConfigServicesClient.java:470)Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] ... 8 moreFeb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] com.q1labs.hostcontext.capabilities.CapabilitiesReporter: [ERROR] [NOT:0000003000][127.0.0.1/- -] [-/- -]Error connecting to the configservicesException while reporting the 192.168.0.211 host capabilities.Feb 26 11:48:02 ::ffff:127.0.0.1 [hostcontext.hostcontext] [CapabilitiesReporter_thread] com.q1labs.hostcontext.capabilities.CapabilitiesReporter: [WARN] [NOT:0000004000][127.0.0.1/- -] [-/- -]Failed to report host capabilities... Maybe the Console's tomcat is not working.
------------------------------
Blanca Benavent
------------------------------