IBM QRadar 7.5 unable to add new log source #61

Open
craig-br opened this issue Sep 21, 2022 · 1 comment
Labels
bug This issue/PR relates to a bug.

Comments

@craig-br

SUMMARY
  • Unable to create a new log source in QRadar version 7.5 using the ibm.qradar collection for Snort and CheckPoint NGFW. Fails with a "list index out of range" error.
ISSUE TYPE
  • Bug Report
COMPONENT NAME

plugins/modules/qradar_log_source_management.py

ANSIBLE VERSION
ansible 2.10.7
  config file = None
  configured module search path = ['/opt/app-root/src/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/app-root/lib64/python3.9/site-packages/ansible
  executable location = /opt/app-root/bin/ansible
  python version = 3.9.7 (default, Sep 13 2021, 08:18:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
COLLECTION VERSION
# /opt/app-root/src/.ansible/collections/ansible_collections
Collection Version
---------- -------
ibm.qradar 2.1.0  

# /opt/app-root/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
ibm.qradar 1.0.3  

# /opt/app-root/lib64/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
ibm.qradar 1.0.3  
CONFIGURATION

No output

OS / ENVIRONMENT

IBM QRadar Version 7.5

Inventory host config
qradar ansible_connection=httpapi ansible_httpapi_use_ssl=yes ansible_httpapi_validate_certs=False ansible_network_os=ibm.qradar.qradar

STEPS TO REPRODUCE
---
- name: Configure Check Point to send logs to QRadar
  hosts: checkpoint

  tasks: 
    - include_role:
        name: ansible_security.log_manager
        tasks_from: forward_logs_to_syslog
      vars:
        syslog_server: "{{ hostvars['qradar']['private_ip'] }}"
        checkpoint_server_name: "xxx"
        firewall_provider: checkpoint

- name: Add Check Point log source to QRadar
  hosts: qradar
  collections:
    - ibm.qradar

  tasks:
    - name: Add Check Point remote logging to QRadar
      qradar_log_source_management:
        name: "Check Point source - {{ hostvars['checkpoint']['private_ip'] }}"
        type_name: "Check Point FireWall-1"
        state: present
        description: "Check Point log source"
        identifier: "{{ hostvars['checkpoint']['private_ip'] }}"

    - name: deploy the new log sources
      qradar_deploy:
        type: INCREMENTAL
      failed_when: false
EXPECTED RESULTS
  • A new CheckPoint NGFW log source is created in IBM QRadar
ACTUAL RESULTS
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: IndexError: list index out of range
fatal: [qradar]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/opt/app-root/src/.ansible/tmp/ansible-local-6426ffl6rcqa/ansible-tmp-1663782051.3863535-6555-216441584574909/AnsiballZ_qradar_log_source_management.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/opt/app-root/src/.ansible/tmp/ansible-local-6426ffl6rcqa/ansible-tmp-1663782051.3863535-6555-216441584574909/AnsiballZ_qradar_log_source_management.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/opt/app-root/src/.ansible/tmp/ansible-local-6426ffl6rcqa/ansible-tmp-1663782051.3863535-6555-216441584574909/AnsiballZ_qradar_log_source_management.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.ibm.qradar.plugins.modules.qradar_log_source_management', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_qradar_log_source_management_payload_n7a3fhsn/ansible_qradar_log_source_management_payload.zip/ansible_collections/ibm/qradar/plugins/modules/qradar_log_source_management.py\", line 263, in <module>\n  File \"/tmp/ansible_qradar_log_source_management_payload_n7a3fhsn/ansible_qradar_log_source_management_payload.zip/ansible_collections/ibm/qradar/plugins/modules/qradar_log_source_management.py\", line 239, in main\n  File \"/tmp/ansible_qradar_log_source_management_payload_n7a3fhsn/ansible_qradar_log_source_management_payload.zip/ansible_collections/ibm/qradar/plugins/modules/qradar_log_source_management.py\", line 95, in set_log_source_values\nIndexError: list index out of range\n", 
"module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
@craig-br
Author

FYI @justjais

@NilashishC NilashishC added the bug This issue/PR relates to a bug. label Nov 9, 2023