Monitor QRadar in NagiosXI

[btyra]

Hello,

I currently have a QRadar SIEM All-In-One appliance running and I would like to monitor it with Nagios XI. I tried added the IP of the console and that keeps showing up red in NagiosXI. Has anyone done this before or have any suggestions on how to setup monitoring of the appliance's state. I just need to know if it is online or offline.

Thank you,
B

[Box293]

Are you able to actually ping the device?

Another method is motoring the port of the management interface of the device. This could be a web interface which could be monitored using the Nagios XI Web Server wizard or a network port using the TCP/UDP Port wizard.

[btyra]

Thank you for your reply Box293. I am actually not able to ping the device, so that would make sense why it is staying red in NagiosXI. I will look into setting up Nagios XI Web Server Wizard this morning.

B

[btyra]

I found this article on a Google Search and it appears to have some of the answers I need, but when I try to go to it, it says I am not authorized to view it.

https://support.nagios.com/forum/viewto ... 16&t=43003

Could a moderator help me access this?

Thank you,
B

[Box293]

Qradar server monitoring

IBM has told us that they do not support installing an agent on their Qradar server so we have to monitor it via SNMP.

They state:
IBM Security QRadar uses the Net-SNMP agent, which supports various system resource monitoring MIBs. They can be polled by Network Management solutions for the monitoring and alerting of system resources.

So... I have been asked to monitor disk space and CPU load as a starting point. I understand this is a RHEL 6 server but needs to have firewalls allowed in. I am assuming UDP 161 should be allowed. Any other ports?

Any help creating the checks with MIBs would be appreciated.


Re: Qradar server monitoring

The only port that you would need to open on that system is port 161 UDP and no other if you are only going to use SNMP to monitor that device.

If that server is running the Net-SNMP daemon, you should be able to use the Linux SNMP wizard to configure XI to monitor that device.
That wizard will setup the checks for disk space, load. memory and process checks. That is if it is running the Net-SNMP daemon and the configurations are correct.

If you do need to upload MIB files to the Nagios XI server, you can do that by going to the Admin > Manage MIBs menu and upload them there.

[btyra]

Thank you Box 293! That was helpful. I was able to get basic monitoring in NagiosXI today via SNMP which will be acceptable for now. When I have more time, I hope to add in other items such as CPU, memory, temp, etc.

-B

[cdienger]

Glad to hear! We'll lock this one for now. Feel free to open a new thread when you get around to adding the other items if needed.

[benjaminsmith]

Thank you Box 293! That was helpful. I was able to get basic monitoring in NagiosXI today via SNMP which will be acceptable for now. When I have more time, I hope to add in other items such as CPU, memory, temp, etc.

Great! Glad you were able to get it setup.

Let us know if it's ok to close this thread or if you have any other questions.