Hi Ralph
Same here on all our QRadar updated with 7.5up6 (without IF), I'm not sure but I think this happen only with physical installations, because I've installed a console in VmWare yesterday and I'm not seeing this error.
Apart from the error message I'm not aware of other problems with the SIEM functionality, but I did not opened a IBM case yet on this error
Regards
Stefano
------------------------------
Stefano Pasa
------------------------------
Original Message:
Sent: Thu August 24, 2023 06:42 AM
From: Ralph Belfiore
Subject: ErrorStream replicationPackager: /dev/mem: & /sys/firmware/dmi/tables/smbios_entry_point: permission denied
Hi community,
in a qradar deployment running 7.5.0UP6 IF02 today I came across the following common error message:
Aug 24 10:37:55 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-665978] ComponentOutput: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]ErrorStream replicationPackager: /dev/mem: permission denied
Aug 24 10:42:55 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-666368] ComponentOutput: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]ErrorStream replicationPackager: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
Has anyone else noticed this in other systems by chance and a hint or solution/workaround? Or is it more useful to open an IBM support call?
Thx in advance and regards,
Ralph
------------------------------
Ralph Belfiore
SIEM Expert
pro4bizz GmbH
Karlsruhe
+4972190981727
------------------------------