Installing QRadar Network Packet Capture on IBM hardware

IBM® QRadar® Network Packet Capture appliances already have the QRadar Network Packet Capture software pre-installed. You might need to reinstall the software if, for example, you want to add Direct-Attached Storage devices or if you are recovering from a hardware failure.

Before you begin

Before you install the software, make sure that the following requirements are met:
  • You are using an IBM-supplied QRadar Network Packet Capture appliance.
  • You are logged in to the appliance as an administrator.
  • The computer that you use to mount the .iso file must be on the same network as the appliance that you want to install on.

    Network and internet latency across networks can cause the installation to fail.

  • If you are using a USB flash drive to install, connect a keyboard and monitor by using the VGA connection.

About this task

Warning: QRadar Network Packet Capture configurations are lost when reinstalling the appliance. For more information about the impact on your configuration and capture data, see Installation overview.

Procedure

  1. Download the .iso image from IBM Fix Central (www.ibm.com/support/fixcentral).
    The .iso file is named either x.x.x-QRadar-NETPCAP-Upgrade-nnnn.iso or x.x.x-QRadar-NETPCAPFULL-nnnn.iso, where:
    • x.x.x is the release version.
    • nnnn is a four-digit number that is allocated to the build.
    For example, if you want do a clean installation of QRadar Network Packet Capture 7.4.1 and remove capture data that was previously collected, download 7.4.1-QRADAR-NETPCAPFULL-1110.

    If you want to reinstall or upgrade to QRadar Network Packet Capture 7.4.1 and keep captured data, select 7.4.1-QRADAR-NETPCAP-Upgrade-1110.

  2. To use IMM2 to mount the .iso image, follow these steps:
    1. Log in to the IMM2 management module.

      You must access the IMM2 management module by using Active X with Internet Explorer, or a browser that supports Java™.

    2. Click Remote Control.
    3. To start the remote control session, click Active X if you are using Internet Explorer, or click Java for all other browsers.
    4. Click Start Remote Control in Single User Mode to start the session.
    5. On the Virtual Media menu, click Activate.
    6. On the Virtual Media menu, click Select Devices to Mount.
    7. In the Select Devices to Mount window, click Add Image.
    8. Locate the .iso image that you want to use, and click Open.
    9. Select the Mapped checkbox next to the drive to mount, and click Mount Selected.

    To watch a video tutorial about mounting an .iso by using the IMM2 management module, see QRadar: Mounting ISOs Using IMM (https://www-01.ibm.com/support/docview.wss?uid=swg21974632).

  3. Alternatively, you can copy the .iso to a bootable USB flash drive.

    For more information, see Creating a bootable USB flash drive with Red Hat® Linux®.

  4. Restart the appliance.
  5. When the splash menu is displayed, select the boot device.
    • If you are installing on a Lenovo appliance, follow these steps:
      1. Select <F12> Select Boot Device to open the Boot Devices Manager window.
      2. Select CD/DVD.
    • If you are installing on a Dell appliance, follow these steps:
      1. Select <F11> to open the Boot Devices Manager window.
      2. Select One-shot UEFI Boot Menu and then select Virtual Optical Drive.
      Note: If you are using a USB flash drive and the USB is not listed as a bootable device, restart the QRadar Network Packet Capture appliance.
  6. Select either Install or Reinstall to start the installation process.
    The installation options are different depending on which .iso your downloaded.
    Warning: When you choose Install, existing capture data is deleted. If you want to keep existing capture data, you must use the upgrade .iso, and select Reinstall.
  7. After the installation is completed, restart the appliance.

Results

QRadar Network Packet Capture is installed. You can now configure the IP and network settings, and update the license usage agreement.