IBM Support

Release of QRadar Packet Capture SFS 7.4.2 (7.4.2 Build 470)

Release Notes


Abstract

Installation instructions and a list of resolved issues for the release of IBM Security QRadar Packet Capture 7.4.2 (Build 470). This software is intended for updates of QRadar Packet Capture and Packet Capture Data Node appliances, as well as for QRadar Packet Capture and Packet Capture Data Node installations on your own hardware.

Content

About

QRadar Packet Capture software updates use an SFS file, and can update an existing QRadar Packet Capture software or appliance installation to the latest version. These updates are cumulative. 


Requirements
Read the following information before you attempt to complete a software install:

  • This update should be completed during a scheduled maintenance window. While the system is updating, packet captures are not recorded because services are not started. Administrators with multiple capture installations can capture on one appliance while they complete updates on another appliance. The update typically completes in about 10-15 minutes.
  • The 7.4.2 (Build 470) software update on your own hardware requires Red Hat Enterprise Linux 6.8 or 6.9. You can also use CentOS 6.8 or 6.9.
  • This QRadar Packet Capture update is intended for administrators on version 7.2.8 (any patch version) or later who want to upgrade to 7.4.2.
  • To perform a new install or reinstall, see the QRadar Packet Capture Installation Guide.
  • To avoid access errors in your log file, close all open QRadar Packet Capture sessions.
  • Google Chrome 44.0 and Mozilla Firefox ESR 38.8 and later browsers are supported. Microsoft Internet Explorer 11 is not supported for QRadar Packet Capture appliances.
  • Any search output directories in /extraction that are older than 6 hours will be removed.
  • If Search store is full, any search output directories that are older than 3 hours will be removed.
  • Software installs are NOT supported on virtual machines (VMs). For hardware requirements, see the Setup Guide.

Instructions for QRadar Packet Capture 7.4.2 (Build 470)
These instructions guide you through the process of updating an existing QRadar Packet Capture Data Node update or software installation on your own hardware to version: 7.42.470-QRadar-PCAP-build-470.

Procedure

  1. Download the software file from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Packet+Capture&release=All&platform=All&function=fixId&fixids=7.4.2-QRADAR-PCAPFULL-470&includeSupersedes=0&source=fc

    Note: Installs that use customer hardware are found in the 'Software Installer' section of IBM Fix Central. If you opt to browse Fix Central for the Packet Capture software install for your hardware, the 'Software Installer' section will contain the files. The correct download uses 'build-version.sfs' in the file name to designate software installs.
  2. Use SSH to log in to your system as the root user.
  3. Copy the software installer to the /tmp directory. If space in the /tmp directory is limited, copy the software update to another location that has sufficient space.
  4. To create the /media/updates directory, type the following command: mkdir -p /media/updates
  5. Change to the directory where you copied the patch file. For example, cd /tmp

    Note: This update will cause downtime while the installation completes. The Packet Capture appliance must be rebooted after the installation completes.

  6. To mount the patch file to the /media/updates directory, type the following command:
    mount -o loop -t squashfs 7.4.2-QRadar-PCAP-Build-470.sfs /media/updates
  7. Navigate to the /media/updates directory. For example, cd /media/updates
  8. Type the following command to begin the update: ./installer.sh

    Note:
    The first time that you run the software install, there might be a delay before the update begins.


    After the update completes
  9. After the patch completes and you have exited the installer, type the following command: umount /media/updates
  10. To restart the appliance from the command line, type: reboot.
  11. Clear your browser cache before you log in to the Console.

    Results
    A summary of the installation advises you of any issues. After the update is complete, send an email to your team to inform them that they will need to clear their browser cache before they log in to QRadar Packet Capture.


    Troubleshooting
    After the system is rebooted, run the nc_bootcheck.sh command on the Packet Capture software install to verify if the capture server is ready or if the system must be rebooted to complete the installation.
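
The checks below cover steps 3 to 6 of the procedure: they confirm the operating system release listed under Requirements, confirm that the downloaded file is a SquashFS image before root mounts it, and confirm that the copy destination has room. This is an added example, not IBM tooling or part of the original release notes; the function names are hypothetical, and the release patterns assume the usual /etc/redhat-release wording.

```shell
#!/bin/sh
# Pre-flight checks before mounting the .sfs update (added example, not IBM code).
# Function names are hypothetical; patterns assume /etc/redhat-release wording.

# Succeeds only for RHEL or CentOS 6.8 / 6.9, the releases the notes require.
supported_release() {
    case "$1" in
        "Red Hat Enterprise Linux"*" release 6."[89]" "*) return 0 ;;
        "CentOS"*" release 6."[89]" "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the file begins with the SquashFS magic bytes "hsqs".
is_squashfs() {
    [ -f "$1" ] || return 1
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | tr -d '\000')
    [ "$magic" = "hsqs" ]
}

# Succeeds if directory $2 has at least as much free space as file $1 needs.
has_room() {
    need_kb=$(( ($(wc -c < "$1") + 1023) / 1024 ))
    free_kb=$(df -Pk "$2" | awk 'NR==2 {print $4}')
    [ "$free_kb" -ge "$need_kb" ]
}

# Runs all checks; returns a distinct code for the first one that fails.
# $1 = downloaded .sfs file, $2 = copy destination, $3 = release string
preflight() {
    supported_release "$3" || { echo "unsupported OS release: $3" >&2; return 2; }
    is_squashfs "$1"       || { echo "not a SquashFS image: $1" >&2; return 3; }
    has_room "$1" "$2"     || { echo "not enough space in $2" >&2; return 4; }
    echo "pre-flight OK: $1"
}

# Example invocation (run as root on the appliance):
#   sh preflight.sh ./7.4.2-QRadar-PCAP-Build-470.sfs /tmp
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" "$(cat /etc/redhat-release 2>/dev/null)"
fi
```

The magic-byte check only confirms the file type; it does not verify the integrity or origin of the download.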

Issues resolved in QRadar Packet Capture SFS 7.4.2 (Build 470)
Product Component Number Description







Where do I find more information?



Document Information

Modified date:
11 December 2020

UID

ibm16374114