IBM Support

Release of QRadar Network Packet Capture 7.5.0 (Build 1500)

Release Notes


Abstract

A list of the installation instructions for the release of QRadar Network Packet Capture 7.5.0 (Build 1500) ISO. These instructions are intended for administrators who want to install QRadar Network Packet Capture 7.5.0 (Build 1500), or who want to update appliances from QRadar Network Packet Capture 7.3.2 (Build 5015) or later to QRadar Network Packet Capture 7.5.0 (Build 1500).

Content

About this installation

 

These instructions are intended to assist administrators who want to install QRadar Network Packet Capture 7.5.0, or who want to update appliances from QRadar Network Packet Capture 7.3.2 (Build 5015) or later to QRadar Network Packet Capture 7.5.0 (Build 1500). These instructions cover both upgrade and clean install procedures.

License terms and conditions

Users must now review terms and conditions before they can log in to QRadar Network Packet Capture. The Login button appears only after you click the checkbox that indicates that you have read and accept the terms.

For more information, see Updating the license usage agreement.

Configuring the IP address

When the QRadar Network Packet Capture 7.5.0 installation is complete, the Configure System menu no longer runs on the IMM Remote Control screen. You must authenticate in a terminal window, and run the Network Manager text user interface (nmtui) tool to set the IP address for the QRadar Network Packet Capture server.

For more information, see Configuring the IP address.

Known Issue

Outdated version of NGINX
If you are upgrading from an earlier version of Network Packet Capture and your server does not have NGINX 1.16 or later installed, the software update fails and displays the following error message. 
Error: Package: 1:nginx-all-modules-1.12.2-3.el7.noarch (@anaconda/7.5)
        Requires: nginx-mod-http-geoip = 1:1.12.2-3.el7
To work around this problem, complete the following steps:
  1. Reboot your appliance.
  2. Use SSH or IMM to log in to your Network Packet Capture server as the root user.
  3. Run the following commands to remove NGINX from the Network Packet Capture server:
    rpm -e --nodeps nginx
    rpm -e --nodeps nginx-mod-http-xslt-filter-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-all-modules-1.12.2-3.el7.noarch
    rpm -e --nodeps nginx-mod-http-image-filter-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-stream-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-mail-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-http-perl-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-http-geoip-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-filesystem-1.12.2-3.el7.noarch
  4. Use the ISO file to reboot the appliance and perform the software update.

Before you install

Ensure that you take the following precautions:

  • This procedure uses IBM's integrated management module (IMM). This interface must be available/configured to mount the ISO file to complete the update.
  • This installation must be completed during a scheduled maintenance window. While the system is updating, Network Packet Captures are not recorded as services are not started.
  • Ensure that you are logged in to the QRadar Network Packet Capture appliance as an administrator.
  • Your system meets the minimum hardware requirements.
  • A keyboard and monitor are connected by using the VGA connection.
 

Completing the Install

 


Required files
Download the QRadar NETPCAP-7.5.0-1500 file from IBM Fix Central: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=7.5.0&platform=Linux&function=fixId&fixids=7.5.0-QRadar-NETPCAP-Upgrade-1500&includeRequisites=1&includeSupersedes=0&downloadMethod=http


Procedure

  1. Log in to the QRadar Network Packet Capture IMM interface using your web browser.
  2. Click Remote Control.
  3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
  4. Click Start Remote Control in Single User Mode.
    NOTE: You should always use single user mode for remote connections for updates.
  5. Verify that the Allow others to request my remote session disconnect check box is unchecked. It is not recommended to allow other users to request the active session for firmware updates.
  6. From the menu, select Virtual Media > Activate.
  7. From the menu, select Virtual Media > Select Devices to Mount.
  8. From the Devices window click Add Image.
  9. Select the QRadar NETPCAP-7.5.0-1500 image and click Open.
  10. Select the option with your ISO, such as CD/DVD - QRadar NETPCAP-7.5.0-1500 and verify that the Mapped check box is selected.
  11. Click Mount Selected.
  12. Reboot the appliance.
  13. When the splash menu is displayed, press <F12> Select Boot device.
  14. Begin the installation.
    1. If you are performing a clean install, in the Boot Devices Manager window, select the Install QRadar NETPCAP-7.5.0-1500 option from the boot menu.
    2. If you are performing an upgrade, in the Boot Devices Manager window, select the Upgrade Pandion option from the boot menu.
  15. Wait for the installation to complete.
  16. After the QRadar Network Packet Capture appliance is updated, restart the appliance when prompted.

 

Installation wrap-up

After you have completed the installation, log in to IMM and select Virtual Media > Unmount All.
 

 
Issues resolved in QRadar Network Packet Capture 7.5.0 (Build 1500)
Product Component Number Description





Where do I find more information?


 

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwszAAA","label":"Install"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]

Document Information

Modified date:
27 July 2022

UID

ibm16538676

Page Feedback