Troubleshooting
Problem
Administrator is unable to completely upgrade the WinCollect version in QRadar due to the following error:
/media/updates/installer: line 70: screen: command not found
This message is seen while doing a WinCollect upgrade on QRadar 7.5.0 UP8 via SFS installation method.
Symptom
When doing a Wincollect upgrade on QRadar 7.5.0 UP8 via SFS installation method, the administrator receives error messages like the following:
[root@primary]# /media/updates/installer
/media/updates/installer: line 70: screen: command not found
/media/updates/installer: line 82: exec: screen: not found
Resolving The Problem
In order to resolve this issue we need to install the WinCollect RPMs manually.
Note:
- It is recommended to run the following commands during a maintenance window as the restart of multiple services is required to complete the process.
- For more information about the impact of restarting a service in QRadar, check the following link:
QRadar: Core services and the impact of restarting services.
- SSH to the QRadar console as the root user.
- Make sure the .sfs file is in the the /storetmp directory.
- Move to the /storetmp directory with the following command:
cd /storetmp
- Mount the SFS file to the /media/updates directory. Type the following command, replace <patch file sfs name> with the .sfs file name:
mount -o loop -t squashfs <patch file sfs name>.sfs /media/updates
mount -o loop -t squashfs 750_QRadar_wincollectupdate-7.3.1-43.sfs /media/updates
- Go to the directory where the RPM file are located. Run the following command:
cd /media/updates/repo
- Install the RPM file for the WinCollect agent, run the following command:
yum -y install AGENT*
- Install the RPM's for the PROTOCOL files, run the following command:
yum -y install PROTOCOL*
- Run the following command to restart the tomcat process:
Notes:
• Tomcat provides access to QRadar through the graphical interface, during the restar this access is interrupt.
• The tomcat process takes a couple minutes before is completely back on.systemctl restart tomcat
- Run a full After the access to QRadar through the graphical interface is restored, go to Admin, then click Advanced and select the option for Deploy Full Configuration:
- Restart the collection services. Go to Admin, then click Advanced and select the option for Restart Event Collection Services:
- Unmount the .sfs file, run the following command:
umount /media/updates
Result:
The administrator is able to upgrade the WinCollect version on the console manually.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"TS016372734","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
09 August 2024
UID
ibm17157044