IBM Support

QRadar: Generating and submitting a DSA for hardware support investigations in Blue Diamond

Troubleshooting


Problem

When hardware issues occur, a DSA analysis report is required for the QRadar Support team to start a hardware case. This article addresses the steps required to upload a DSA for customers who use IBM Blue Diamond for enhanced security. IBM Blue Diamond allows users with sensitive information (PII) to upload and exchange diagnostic data or logs to the Most Sensitive Confidential Information servers within IBM.

Cause

Administrators can use IBM Blue Diamond when their company requires enhanced security or handles files that might contain personally identifiable information (PII). Blue Diamond and Enhanced Secure Support provide extra physical, logical, and administrative security controls, over and above IBM Core Security Practices. When QRadar administrators have hardware cases, DSA logs need to be created with the -v option to create diagnostic data for the appliance in HTML format.

Resolving The Problem

To create a DSA log with HTML output:
  1. Use SSH to log in to the Console as root user.
  2. Use SSH to connect to the appliance that is experiencing a hardware issue.
  3. Navigate to the /opt/qradar/support directory.
  4. To locate the DSA binary file, type:
    ls -l ibm*
    Note: The utility name looks similar to ibm_utl_dsa_dsyte1d-9.61_portable_rhel6_x86-64.bin. The permissions on the file are:
    ls -l ibm*
    -rwxr-xr-x 1 root root 65374293 Apr 22 15:16 ibm_utl_dsa_dsyte1d-9.61_portable_rhel6_x86-64.bin
  5. If the permissions are not rwxr-xr-x, type the following command:
    chmod 755 *utl_dsa*
  6. Run the command:
    /opt/qradar/support/ibm_utl_dsa_dsyte1d-9.61_portable_rhel6_x86-64.bin -v
    
  7. When prompted, press Y to continue.
    Note: This version message is displayed because IBM controls the version of DSA on the QRadar appliances. Selecting Yes (Y) allows the report to be generated.
    The command output identifies the directory where the HTML report is written.
    Writing HTML files to directory /var/log/IBM_Support/Unknown_Unknown_20210826-142500
    
    DSA capture completed successfully.
  8. To create the compressed file dsa-bd.tgz, type:
     tar -czvf dsa-bd.tgz /var/log/*Support
  9. Download the file to a workstation with Internet access.
    Note: If the file is not on the Console, use SCP to move the dsa-bd.tgz file to the Console, then download the tgz to your workstation.
  10. Optional. If you do not have IBM Blue Diamond access, you must register before you can upload files.
  11. Upload the dsa-bd.tgz file to IBM Blue Diamond (https://msciftpgw.im-ies.ibm.com/).

    Results
    IBM requires DSA files to investigate any Lenovo® server issues. Uploading a DSA file in HTML format allows IBM QRadar support to confirm hardware issues and open a case with the hardware support team. For more information about IBM Enhanced Secure Support, refer to IBM Enhanced Secure Support help.
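
Because the DSA archive can contain sensitive data, the packaging in step 8 can be wrapped so that the archive is created readable by its owner only, checked for integrity, and given a checksum to compare after the download in step 9. This is an added example, not part of IBM's documented procedure; the function name `package_dsa` and the `.sha256` sidecar file are assumptions of this example, and the archive stores paths relative to the parent of the report directory rather than from `/`.

```shell
#!/usr/bin/env bash
# Added example: package the DSA report directory for upload.
# Defaults follow the article (/var/log/IBM_Support, dsa-bd.tgz);
# package_dsa and the .sha256 sidecar are hypothetical names.

package_dsa() {
    local src="${1:-/var/log/IBM_Support}"   # report directory from step 7
    local out="${2:-dsa-bd.tgz}"             # archive name from step 8

    # Refuse to build an empty archive: DSA must have written report files.
    if [ ! -d "$src" ] || [ -z "$(find "$src" -type f -print -quit)" ]; then
        echo "no DSA report files found under $src" >&2
        return 1
    fi

    # Remove any stale archive so the new file gets fresh 0600 permissions.
    rm -f "$out"
    ( umask 077 && tar -czf "$out" -C "$(dirname "$src")" "$(basename "$src")" ) \
        || return 1

    # Read the archive back end to end before it is transferred anywhere.
    tar -tzf "$out" >/dev/null || { echo "archive $out is corrupt" >&2; return 1; }

    # Record a SHA-256 next to the archive, using the bare file name so the
    # check also works from the download directory on the workstation.
    ( cd "$(dirname "$out")" \
        && sha256sum "$(basename "$out")" > "$(basename "$out").sha256" ) || return 1

    echo "$out"
}

# Usage on the appliance:      package_dsa
# Check after download:        sha256sum -c dsa-bd.tgz.sha256
```

Copy `dsa-bd.tgz.sha256` together with the archive so the checksum can be verified on the workstation before the upload in step 11.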

Document Location

Worldwide


Document Information

Modified date:
26 August 2021

UID

ibm16467965