Install a IBM®
QRadar®
Console or a managed host on a QRadar appliance or on your own
appliance that is FIPS enabled.
Software versions for all QRadar appliances in a deployment
must be same version and fix level. Deployments that use different versions of software are not
supported.
Before you begin
Ensure that the following requirements are met:
- The correct hardware is installed.
- Create a bootable USB flash drive with Red Hat Linux. For more information, see Creating a bootable USB
drive with Red Hat Linux®.
- Install QRadar with a USB flash drive. For more information, see Installing QRadar with a USB
drive.
- You have the required license key for your appliance.
- A keyboard and monitor are connected by using the VGA connection.
- If you want to configure bonded network interfaces, see Configuring bonded management interfaces.
- If you are installing QRadar on a Unified Extensible
Firmware Interface (UEFI) system, secure boot must be disabled.
- QRadar 7.5.0 Update
Package 2 and later, can be installed using Appliance Install on an Unified Extensible Firmware
Interface (UEFI) system with Secure Boot enabled or disabled. If Secure Boot is enabled, QRadar does not function
properly until you enroll the public key and reboot the system. If Secure Boot is disabled, you can
install the public key if you plan to use Secure Boot in the future. For more information, see Enabling secure boot.
FIPS installation onlyAttention: To install an appliance with FIPS enabled,
add qradar.fips=1
to the vmlinuz
.
Procedure
- FIPS installation only On the Red Hat Enterprise Linux 7.9
installation page, press Tab to edit the vmlinuz line.
- FIPS installation only Add
qradar.fips=1
to the vmlinuz
line and press Enter. The result might look similar to this example:
vmlinuz initrd=initrd.img inst.stage2=hd:LABEl=QRadar-2020_11_0_20201210153453 quiet inst.text inst.gpt inst.ks=hd:LABEL=QRadar-2020_11_0_20201210153452console=ttyS0,9600 console=tty1 qradar.fips=1
-
Type root at the login prompt to start the installation wizard. Type
password if you are prompted for a password.
-
Accept the End-User license Agreement.
-
Select the appliance type:
- Appliance Install
- High Availability Appliance
- If you selected High Availability Appliance, complete the
following steps:
- Select HA appliance (All models) 500 as the
function.
- Select whether the high-availability (HA) appliance is a standby for a console or
nonconsole appliance.
- Select Next.
-
If you did not choose High Availability Appliance, select the appliance
assignment, and then select Next.
-
For the type of setup, select Normal Setup (default) or HA
Recovery Setup, and set up the time.
-
If you selected HA Recovery Setup, enter the cluster virtual IP
address.
-
Select the Internet Protocol version:
- ipv4
- ipv6
If you selected
ipv6, select
manual or
auto for the
Configuration
type.
- manual
- You must use a static IP address with a CIDR range.
- auto
- A static IP address with a CIDR range is generated with the Neighbor Discovery Protocol.
-
If required, select the bonded interface setup.
-
Select the management interface.
-
In the wizard, enter a fully qualified domain name in the Hostname
field.
Important: The hostname must not contain only numbers.
-
In the IP address field, enter a static IP address, or use the assigned
IP address.
-
If you do not have an email server, enter localhost in the
Email server name field.
-
Enter a root password that meets the following criteria:
- Contains at least 5 characters
- Contains no spaces
- Can include the following special characters: @, #, ^, and *.
- If you are installing a Console, enter an admin password that
meets the following criteria:
- Contains at least 8 characters
- Contains at least one uppercase character
- Contains at least one lowercase character
- Contains at least one digit
- Contains at least one special character: @, #, ^, or *
-
Click Finish.
-
Follow the instructions in the installation wizard to complete the installation.
The installation process might take several minutes.
-
If you are installing a Console, apply your license key.
-
Log in to QRadar as
the admin user:
https://<IP_Address_QRadar>
-
Click Login.
-
On
the navigation menu ( ), click
Admin.
-
In the navigation window, click .
-
From the Display list box, select Licenses, and
upload your license key.
-
Select the unallocated license and click Allocate System to
license.
-
From the list of systems, select a system, and click Allocate System to
License.
-
If you want to add managed hosts, see Adding a managed host in the IBM
QRadar Administration Guide.
- FIPS installation only Verify that FIPS mode is enabled by typing the following
command.
/opt/qradar/bin/myver
-fips
The output is 'true' on a FIPS mode enabled system and
'false' when FIPS mode is not enabled.
If the result is false, try to reinstall with FIPS mode
enabled.
What to do next
- FIPS installation only Migrate to Docker-EE. For more information, see Migrating to Docker Enterprise Edition with FIPS.
- FIPS installation only Update the cryptographic modules. For more information, see Updating
cryptographic modules for FIPS.
-
Installing the QRadar Log Source Management app
(https://www.ibm.com/docs/en/SS42VS_SHR/com.ibm.lsmapp.doc/c_Qapps_LSM_intro.HTML).