Installing or upgrading Disconnected Log Collector

Install IBM® Disconnected Log Collector on a computer or virtual machine (VM) that meets all the system requirements. You can install only one instance of Disconnected Log Collector per computer or VM.

Before you begin

Ensure that all system requirements are met and that IBM SDK, Java™ Technology Edition, Version 8, 64-bit is installed. For more information about installing Java, see Installing Java.

About this task

If you have a previous version of Disconnected Log Collector that is installed, upgrade the installation by installing the newer version over your existing installation. Your existing configuration is preserved when you upgrade.

Procedure

  1. Download the Disconnected Log Collector installer package from IBM Fix Central (ibm.com/support/fixcentral/).
    Enter dlc v1.8.5 in the Search Fix Central field. The file name for the installer package is dlc-service-install-1.8.5-1.tgz.
  2. Unpack and run the Disconnected Log Collector installer package by running the following command: 
    tar -zxvf dlc-service-install-1.8.5-1.tgz
    The Disconnected Log Collector installer package contains the following files:
    • install.sh
    • install.py
    • uninstall.sh
    • uninstall.py
    • dlc-service-rpms-1.8.5.tgz
  3. Install the Disconnected Log Collector by running the following script: 
    ./install.sh
    Tip: You can add the version that you want to install after the script name. If you don't add a version, the script prompts you to pick a version. If you only have one version of Disconnected Log Collector in your files, the script installs that version.
  4. After the installation is finished, run the following command to restart the Disconnected Log Collector service. 
    systemctl restart dlc
  5. After the Disconnected Log Collector restarts, run the following command to check the system status. 
    systemctl status dlc

    An active (running) message indicates that the installation was successful and that Disconnected Log Collector is running.

Results

By default, Disconnected Log Collector uses the User Datagram Protocol (UDP) to send log events. Because you still must configure a connection to IBM QRadar®, any incoming events are sent only to the local computer.

What to do next

After you install Disconnected Log Collector, you must open firewall ports to allow communication. For more information, see Opening required ports in the Linux firewall.