These instructions are intended to assist administrators who want to install QRadar Network Packet Capture 7.4.0 Fix Pack 1 (Build 1018), or who want to update appliances from QRadar Network Packet Capture 7.3.2 (Build 5015) or later to QRadar Network Packet Capture 7.4.0 Fix Pack 1 (Build 1018). These instructions cover both upgrade and clean install procedures.

Enable support login (SSH)

You can restrict SSH access to specific IP addresses by configuring the SUPPORT LOGIN (SSH) widget. This capability provides specific users with remote root-level access to the system, which is useful for advanced troubleshooting and debugging.

For more information, see Enable support login (SSH)

Before you install

• This procedure uses IBM's integrated management module (IMM). This interface must be available/configured to mount the ISO file to complete the update.
• This installation must be completed during a scheduled maintenance window. While the system is updating, Network Packet Captures are not recorded as services are not started.
• Ensure that you are logged in to the QRadar Network Packet Capture appliance as an administrator.
• Your system meets the minimum hardware requirements.
• A keyboard and monitor are connected by using the VGA connection.

Completing the Install

Required files
Download the 7.4.0-QRadarPCAP-upgrade-7.4.0-1018 from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.4.0-QRadar-NETPCAP-Upgrade-1018&includeSupersedes=0&source=fc

Procedure

1. Log in to the QRadar Network Packet Capture IMM interface using your web browser.
2. Click Remote Control.
3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
4. Click Start Remote Control in Single User Mode.
   NOTE: You should always use single user mode for remote connections for updates.
5. Verify that the Allow others to request my remote session disconnect check box is unchecked. It is not recommended to allow other users to request the active session for firmware updates.
6. From the menu, select Virtual Media > Activate.
7. From the menu, select Virtual Media > Select Devices to Mount.
8. From the Devices window click Add Image.
9. Select the QRadarPCAP-upgrade-7.4.0-1018 image and click Open.
10. Select the option with your ISO, such as CD/DVD - QRadarPCAP-upgrade-7.4.0-1018 and verify that the Mapped check box is selected.
11. Click Mount Selected.
12. Reboot the appliance.
13. When the splash menu is displayed, press <F12> Select Boot device.
14. Begin the installation.
    1. If you are performing a clean install, in the Boot Devices Manager window, select the Install QRadar PCAP-7.4.0-1018 option from the boot menu.
    2. If you are performing an upgrade, in the Boot Devices Manager window, select the Upgrade Pandion option from the boot menu.
15. Wait for the installation to complete.
16. After the QRadar Network Packet Capture appliance is updated, restart the appliance when prompted.

Installation wrap-up

After you have completed the installation, log in to IMM and select Virtual Media > Unmount All.
 

Where do I find more information?