IBM Support

Release of QRadar Network Packet Capture 7.5.0 Update Package 7 (Build 1509)

Release Notes


Abstract

This document includes installation instructions and known issues for QRadar Network Packet Capture 7.5.0 Update Package 7 (Build 1509).

You must have QRadar Network Packet Capture 7.3.2 (Build 5015) or later to upgrade to this version.

Content

About this installation

 

Follow these instructions to upgrade your appliance to use QRadar Network Packet Capture 7.5.0 Update Package 7 (Build 1509).

Upgrade Known Issues

A backup of "terms.txt" is required if it was modified before upgrading to 7.5.0-1509 
If the terms.txt file (found on the appliance at "/opt/pandion/client/terms.txt") has been modified to display custom license terms, back up the file before performing the upgrade to the latest release. The 7.5.0-1509 release replaces the contents of the terms.txt file with the IBM license terms. After the upgrade is completed, replace the terms.txt file with the custom version.
Outdated version of NGINX
If you are upgrading from an earlier version of Network Packet Capture and your server does not have NGINX 1.16 or later installed, the software update fails and displays the following error message:
Error: Package: 1:nginx-all-modules-1.12.2-3.el7.noarch (@anaconda/7.5)
        Requires: nginx-mod-http-geoip = 1:1.12.2-3.el7
To work around this problem, complete the following steps:
  1. Restart your appliance.
  2. Use SSH or IMM to log in to your Network Packet Capture server as the root user.
  3. Run the following commands to remove NGINX from the Network Packet Capture server:
    rpm -e --nodeps nginx
    rpm -e --nodeps nginx-mod-http-xslt-filter-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-all-modules-1.12.2-3.el7.noarch
    rpm -e --nodeps nginx-mod-http-image-filter-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-stream-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-mail-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-http-perl-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-mod-http-geoip-1.12.2-3.el7.x86_64
    rpm -e --nodeps nginx-filesystem-1.12.2-3.el7.noarch
  4. Use the ISO file to reboot the appliance and install the software update.
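
The two known issues above can be checked for before the maintenance window. The script below is an added example, not IBM tooling: it backs up terms.txt, verifies the copy, and flags an installed NGINX older than 1.16. The backup directory, the function names and the `--check` switch are assumptions; also copy the backup off the appliance, because the page does not say which locations the upgrade preserves.

```bash
#!/bin/sh
# Added example: pre-upgrade checks for the terms.txt and NGINX known issues.
TERMS=/opt/pandion/client/terms.txt             # path given in the release notes
BACKUP_DIR=${BACKUP_DIR:-/root/npc-preupgrade}  # assumed location, not from IBM

# Succeeds (0) when version $1 is older than 1.16. An empty version
# (NGINX not installed, as after the workaround) counts as not older.
nginx_older_than_116() {
    [ -n "$1" ] || return 1
    lowest=$(printf '%s\n' "$1" 1.16 | sort -V | head -n 1)
    [ "$lowest" != "1.16" ]
}

# Copy terms file $1 into directory $2 and confirm the copy is identical.
backup_terms() {
    [ -f "$1" ] || return 0                     # no file, nothing to back up
    mkdir -p "$2" && cp -p "$1" "$2/terms.txt.custom" || return 1
    cmp -s "$1" "$2/terms.txt.custom"
}

# After the upgrade: put the saved custom copy in directory $1 back at path $2.
restore_terms() {
    [ -f "$1/terms.txt.custom" ] || return 1
    cp -p "$1/terms.txt.custom" "$2"
}

# Print the installed NGINX version, or nothing when the package is absent.
installed_nginx_version() {
    if v=$(rpm -q --qf '%{VERSION}' nginx 2>/dev/null); then
        printf '%s\n' "$v"
    fi
}

# Run the checks only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--check" ]; then
    backup_terms "$TERMS" "$BACKUP_DIR" || { echo "terms.txt backup failed" >&2; exit 1; }
    if nginx_older_than_116 "$(installed_nginx_version)"; then
        echo "NGINX older than 1.16: apply the rpm -e workaround before updating"
    fi
fi
```

After the upgrade, `restore_terms "$BACKUP_DIR" "$TERMS"` puts the custom license text back.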

Before you install

Ensure that you take the following precautions:

  • This procedure uses IBM's integrated management module (IMM). This interface must be available and configured so that you can mount the ISO file to complete the update.
  • This installation must be completed during a scheduled maintenance window. While the system is updating, network packet captures are not recorded because services are not started.
  • Ensure that you are logged in to the QRadar Network Packet Capture Appliance as an administrator.
  • Ensure that your system meets the minimum hardware requirements.
  • Ensure that a keyboard and monitor are connected by using the VGA connection.
 

Important: If you have a stacked configuration of QRadar Network Packet Capture appliances, you must unstack your appliances before you can upgrade. Upgrade each appliance individually and then re-create the stack. Unstacking the appliances ensures that your data is preserved during the upgrade. You must also turn off Traffic Capture.

Completing the Installation


Required files for upgrade installation
Download the 7.5.0-QRadar-NetworkPCAP-Upgrade-1509.iso file from IBM Fix Central. You must have QRadar Network Packet Capture 7.3.2 (Build 5015) or later to use this installation file: https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=7.5.0&platform=Linux&function=fixId&fixids=7.5.0-QRadar-NETPCAP-Upgrade-1509&includeSupersedes=0&source=fc


Procedure

  1. Log in to the QRadar Network Packet Capture IMM interface by using your web browser.
  2. Click Remote Control.
  3. To start the Remote Control session, click Active X for Internet Explorer or Java for all other browsers.
  4. Click Start Remote Control in Single User Mode.
    NOTE: You should always use single user mode for remote connections for new installations or upgrades.
  5. Verify that the Allow others to request my remote session disconnect checkbox is cleared. It is not recommended to allow other users to request the active session for firmware updates.
  6. From the menu, select Virtual Media > Activate.
  7. From the menu, select Virtual Media > Select Devices to Mount.
  8. From the Devices window, click Add Image.
  9. Select the QRadar Network Packet Capture image that was downloaded from Fix Central and click Open.
  10. Select the option with your ISO, and verify that the Mapped checkbox is selected.
  11. Click Mount Selected.
  12. Restart the appliance.
  13. When the splash menu is displayed, press <F12> Select Boot device.
  14. In the Boot Devices Manager window, select CD/DVD and press Enter to start the upgrade installation.
  15. Wait for the installation to complete.
  16. After the QRadar Network Packet Capture Appliance is updated, restart the appliance when prompted.

Installation wrap-up

After the installation is completed, log in to IMM and select Virtual Media > Unmount All.
 

 





Document Information

Modified date:
26 October 2023

UID

ibm17058368