IBM has told us that they do not support installing an agent on their QRadar server, so we have to monitor it via SNMP.
They state:
IBM Security QRadar uses the Net-SNMP agent, which supports various system resource monitoring MIBs. They can be polled by Network Management solutions for the monitoring and alerting of system resources.
So... I have been asked to monitor disk space and CPU load as a starting point. I understand this is a RHEL 6 server but needs to have firewalls allowed in. I am assuming UDP 161 should be allowed. Any other ports?
Any help creating the checks with MIBs would be appreciated.
Qradar server monitoring
Re: Qradar server monitoring
The only port that you would need to open on that system is port 161 UDP and no other if you are only going to use SNMP to monitor that device.
If that server is running the Net-SNMP daemon, you should be able to use the Linux SNMP wizard to configure XI to monitor that device.
That wizard will set up the checks for disk space, load, memory and process checks. That is if it is running the Net-SNMP daemon and the configurations are correct.
If you do need to upload MIB files to the Nagios XI server, you can do that by going to the Admin > Manage MIBs menu and upload them there.
Be sure to check out our Knowledgebase for helpful articles and solutions!
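As an added example (not part of the original posts, and not Nagios or IBM code), this sketch shows what a disk-space and load check computes from a Net-SNMP agent's answers on UDP 161, using the standard hrStorageTable and laLoad OIDs. The sample walk output, thresholds and function names are assumptions made for illustration.

```python
import re

# Numeric OID prefixes: hrStorageTable (HOST-RESOURCES-MIB) and laLoad (UCD-SNMP-MIB).
HR_DESCR = ".1.3.6.1.2.1.25.2.3.1.3."
HR_SIZE = ".1.3.6.1.2.1.25.2.3.1.5."
HR_USED = ".1.3.6.1.2.1.25.2.3.1.6."
LA_LOAD = ".1.3.6.1.4.1.2021.10.1.3."
LINE = re.compile(r'^(\.[\d.]+) = (?:\w+: )?"?([^"]*?)"?$')

# Constructed sample of `snmpwalk -On` output; every value is illustrative.
SAMPLE = """\
.1.3.6.1.2.1.25.2.3.1.3.1 = STRING: Physical memory
.1.3.6.1.2.1.25.2.3.1.3.31 = STRING: /
.1.3.6.1.2.1.25.2.3.1.3.36 = STRING: /var
.1.3.6.1.2.1.25.2.3.1.5.31 = INTEGER: 1000000
.1.3.6.1.2.1.25.2.3.1.5.36 = INTEGER: 2000000
.1.3.6.1.2.1.25.2.3.1.6.31 = INTEGER: 450000
.1.3.6.1.2.1.25.2.3.1.6.36 = INTEGER: 1840000
.1.3.6.1.4.1.2021.10.1.3.1 = STRING: 0.42
"""

def parse_walk(text):
    """Map each numeric OID to its value string, skipping lines that do not parse."""
    matches = (LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def disk_usage(values):
    """Return {mount point: percent used}; size and used share allocation units."""
    usage = {}
    for oid, descr in values.items():
        if oid.startswith(HR_DESCR) and descr.startswith("/"):
            idx = oid[len(HR_DESCR):]
            size = int(values.get(HR_SIZE + idx, 0))
            used = int(values.get(HR_USED + idx, 0))
            if size > 0:
                usage[descr] = round(100.0 * used / size, 1)
    return usage

def check(text, warn=80.0, crit=90.0, load_crit=8.0):
    """Return a Nagios-style (code, message): 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN."""
    values = parse_walk(text)
    disks, load = disk_usage(values), values.get(LA_LOAD + "1")  # laLoad.1 = 1 min
    if not disks or load is None:
        # An empty walk is what a blocked UDP 161 or a restrictive agent view yields.
        return 3, "UNKNOWN - no storage or load rows returned"
    worst, load1 = max(disks.values()), float(load)
    code = 2 if worst >= crit or load1 >= load_crit else 1 if worst >= warn else 0
    detail = ", ".join(f"{m}={p}%" for m, p in sorted(disks.items()))
    return code, f"{('OK', 'WARNING', 'CRITICAL')[code]} - load1={load1} {detail}"
```
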
Re: Qradar server monitoring
Thanks. That helped. Please feel free to close.