Troubleshooting
Problem
The administrator is unable to upgrade WinCollect in QRadar, the installer fails with errors related to clinq:
[ERROR](s-ni-testmode) Unable to find cliniq at /opt/qradar/support/cliniq or /media/updates/cliniq/cliniq
[ERROR](s-ni-testmode) Unable to run cliniq.
[ERROR](s-ni-testmode) Unable to run cliniq.
Symptom
- This error can be skipped in non-HA environments by using the flag --skip-cliniq along with the installer:
./installer --skip-cliniq - The flag --skip-cliniq does not work on HA environments, the upgrade runs successfully on the primary console, but it fails with the same clinq errors on the secondary console.
- Example of the errors seen when the WinCollect upgrade fails:
[INFO](s-ni-testmode) Determining newest version of cliniq, based on patch config [ERROR](s-ni-testmode) Unable to find cliniq at /opt/qradar/support/cliniq or /media/updates/cliniq/cliniq [ERROR](s-ni-testmode) Unable to run cliniq. [INFO](s-ni-testmode) Set Console_Name status to 'Patch Test Failed' [ERROR](s-ni-testmode) Patching can not continue
Diagnosing The Problem
This issue is due to the symbolic link for cliniq being broken. To confirm if the symbolic link is OK, use the following steps:
- SSH to the QRadar console as the root user.
- Run the following command:
ls -lah /opt/qradar/support/cliniqOutput example when the symbolic link exists:
Output example when the symbolic link does not exist# ls -lah /opt/qradar/support/cliniq lrwxrwxrwx 1 root root 43 Feb 9 11:38 /opt/qradar/support/cliniq -> /opt/qradar/support/bin/cliniq/cliniq-0.4.3[root@console01 ~]# ls -lah /opt/qradar/support/cliniq ls: cannot access /opt/qradar/support/cliniq: No such file or directoryIf the output says that the directory does not exist, then this is cause of the issue, check the Resolving The Problem section on this article.
Result:
The administrator is able to confirm if the symbolic link for cliniq is OK.
Resolving The Problem
- Login to the QRadar console as the root user.
- Confirm the cliniq bin files exist, run the following command:
Output example, in this example there are two bin files, cliniq-0.4.3 and cliniq-0.7.3, take note of the file with the highest number, in this case cliniq-0.7.3:ls -lah /opt/qradar/support/bin/cliniq*root@console01~]# ls -lah /opt/qradar/support/bin/cliniq* total 12M drwxr-xr-x 2 root root 46 Feb 13 17:42 . drwxr-xr-x 4 root root 33 Jan 30 17:42 .. -rwxr-xr-x 1 nobody nobody 6.6M Feb 6 12:46 cliniq-0.4.3 -rwxr-xr-x 1 nobody nobody 5.0M Feb 6 12:46 cliniq-0.7.3 - Create the missing symbolic link.
Notes:
• Run the following command on both primary and secondary console,
• In the first path of the command, use the clinq bin located in /opt/qradar/support/bin/cliniq/ with the highest number.ln -s /opt/qradar/support/bin/cliniq/cliniq-0.7.3 /opt/qradar/support/cliniq - Run the following command on both primary and secondary console to unmount any unfinished WinCollect upgrade.
umount /media/updates - Mount the WinCollect SFS file again.
- Run the WinCollect installer normally as the documentation says. For more information about how to upgrade WinCollect in the QRadar console, check the Procedure section in Release of WinCollect Agent V7.3.1 patch 3.
Result:
QRadar administrator is able to upgrade the WinCollect version in the QRadar console without any error.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"TS015595996","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
12 April 2024
UID
ibm17145202