Installing or upgrading Disconnected Log Collector

Install IBM® Disconnected Log Collector on a computer or virtual machine (VM) that meets all the system requirements. You can install only one instance of Disconnected Log Collector per computer or VM.

Before you begin

Ensure that all system requirements are met and that IBM SDK, Java™ Technology Edition, Version 8, 64-bit is installed. For more information about installing Java, see Installing Java.

About this task

If you have a previous version of Disconnected Log Collector that is installed, upgrade the installation by installing the newer version over your existing installation. Your existing configuration is preserved when you upgrade.

Procedure

  1. Download Disconnected Log Collector from IBM Fix Central (ibm.com/support/fixcentral/).

    On IBM Fix Central, enter disconnected log collector in the Search Fix Central field to find the installation package.

  2. Log in to the Disconnected Log Collector computer or VM as the root user.
  3. Copy the Disconnected Log Collector RPM file to the /tmp directory or your preferred location.
  4. Install Disconnected Log Collector by running the following command:
    Tip: Click the Copy to clipboard icon at the upper right of your code block, then replace the <dlc_installer_file> value with the name of the Disconnected Log Collector RPM file. Then, you can run the command.
    yum -y install /tmp/<dlc_installer_file>.rpm
  5. After the installation is finished, run the following command: 
    systemctl status dlc

    An active (running) message indicates that the installation was successful and that Disconnected Log Collector is running.

Results

By default, Disconnected Log Collector uses the User Datagram Protocol (UDP) to send log events. Because you still must configure a connection to IBM QRadar®, any incoming events are sent only to the local computer.

What to do next

After you install Disconnected Log Collector, you must open firewall ports to allow communication. For more information, see Opening required ports in the Linux firewall.