IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  CRE logs unreadable after upgrade to QRadar UP13

    Posted yesterday

    After upgrading to  UP13, the built-in log source "Custom Rule Engine-8 " started generating events with unreadable binary/unparsed payloads. These logs were not present before the upgrade and now create noise in Log Activity.

    What is the recommended solution or fix for this issue?



    ------------------------------
    Ökkes Güngör
    ------------------------------


  • 2.  RE: CRE logs unreadable after upgrade to QRadar UP13

    Posted 17 hours ago

    Adding comment to track this, as I noticed the same thing after applying the update in my lab (so I'm not alone :) ). 



    ------------------------------
    Dusan VIDOVIC
    ------------------------------

    Original Message


  • 3.  RE: CRE logs unreadable after upgrade to QRadar UP13

    Posted 15 hours ago

    Hi,

    if you mean something like this from "Custom Rule Engine-8":

    I agree, this seems to be "new" :( and also shows up with UP13 IF01.

    Regards,

    Ralph



    ------------------------------
    Ralph Belfiore
    Managing Consultant | SIEM Security Strategy & Data Resilience
    connecT SYSTEMHAUS AG
    Siegen
    ------------------------------

    Original Message


  • 4.  RE: CRE logs unreadable after upgrade to QRadar UP13

    Posted 15 hours ago

    For me it is a bit different (see image)

    ... and yes, same after IF01 has been applied.



    ------------------------------
    Dusan VIDOVIC
    ------------------------------

    Original Message


Related Content