Setting up a QRadar silent installation
Install IBM® QRadar® "silently," or perform an unattended installation.
Before you begin
- You must have the QRadar ISO for the release that you want to install.
Modify the SELINUX value in the /etc/sysconfig/selinux file to SELINUX=disabled, and restart the system.
You must install Red Hat Enterprise Linux (RHEL) on the system where you want to install QRadar. For more information, see Installing RHEL on your own appliance. The following table describes the version of Red Hat® Enterprise Linux® used with the IBM QRadar version.
Table 1. Red Hat version IBM QRadar version Red Hat Enterprise Linux version IBM QRadar 7.4.0 Red Hat Enterprise Linux V7.6 64-bit IBM QRadar 7.4.1 Red Hat Enterprise Linux V7.7 64-bit IBM QRadar 7.4.2 Red Hat Enterprise Linux V7.7 64-bit IBM QRadar 7.4.3 Red Hat Enterprise Linux V7.7 64-bit
- As the root user, use SSH to log on to the host where you want to install QRadar.
In the root directory of the host where you want to install QRadar, create a file that is
named AUTO_INSTALL_INSTRUCTIONS and contains the following content:
Table 2. Silent Install File parameters. Parameters that are listed as "Optional" are required in the AUTO_INSTALL_INSTRUCTIONS file, but can have no value. Parameter Value Required? Description Permitted values force Required Forces the installation of the appliance despite any hardware issues. true or false api_auth_token Optional An authorization token. For more information about managing authorized services, see the IBM Security QRadar Administration Guide. Authorization token appliance_number Optional The identifier for the appliance 0, 3105, 1201,
and so on.
appliance_oem Required Identifies the appliance provider. qradar, forensics, and so on. appliance_filter Required The appliance name or identifier. vmware, na bonding enabled Required. Specifies whether you are using bonded interfaces. true or false bonding
If using bonded interfaces, then required. The MAC addresses for the interfaces that you are bonding, separated by commas. <interface_name
If using bonded interfaces, then required. Identifies the bonding interface. bond0 bonding_options If using bonded interfaces, then required. The Linux options for bonded interfaces. For more information about NIC bonding, see the IBM Security QRadar Administration Guide.Example: miimon=100 mode=4 lacp_rate=1 ha_cluster_
Optional Specifies the IP address for the HA cluster. ip_address hostname Required The fully qualified host name for your QRadar system. ip_protocol Required The IP protocol for this host.
ip_dns_primary If ip_protocol is set to IPv4, then required The primary DNS server.
A valid IPv4 address.
ip_dns_secondary If ip_protocol is set to IPv4, then required The secondary DNS server.
A valid IPv4 address.
Required The interface name, and the MAC address of the management interface. You can use either, or both separated by "=". ipv4_address If ip_protocol is set to IPv4, then required The IP address of the host that you are installing the software on. A valid IPv4 address ipv4_address
If ip_protocol is set to IPv4, and NATed, then required The public IP address of the host that you are installing the software on. A valid IPv4 address ipv4_gateway If ip_protocol is set to IPv4, then required The network gateway for this host
A valid IPv4 address
ipv4_nework_mask If ip_protocol is set to IPv4, then required The netmask for this host ip_v6_address If ip_protocol is set to IPv6, then required The IPv6 address of the QRadar installation if required.
A valid IPv6 address
If ip_protocol is set to IPv6, and NATed, then required The public IP address of the host that you are installing the software on.
A valid IPv6 address
ip_v6_autoconf Required Specifies whether IPv6 is autoconfigured. true or false ip_v6_gateway Not required Leave empty. is_console Required Specifies whether this host is the console within the deployment
true - This host is the console in the deployment
false - This is not the console and is another type of managed host (Event or Flow Processor, and so on)
Required. Specifies whether this host is an HA console standby true or false admin_password Optional. The password for the administrator account. You can encrypt the password if required. If you leave this parameter blank, the password is not updated. <password>Important: Your company's security policies can prevent you from entering a password in a static file on the appliance.
Defined, or leaving the value empty to use a previously entered password on an upgrade.
root_password Required The password for the root account. You can encrypt the password, if required. If you leave this parameter blank, the password is not updated. <password>Important: Your company's security policies can prevent you from entering a password in a static file on the appliance.
Defined, or leaving the value empty uses a previously entered password on an upgrade.
If isconsole is set to Y, then required The security template
This value must be consistent with the value entered in appliance_number.
Enterprise - for all SIEM-based hosts
Logger - for Log Manager
Required The current date for this host.
Use the following format:
Required The time for the host in the 24 hour format HH:MM:SS. time_ntp_server Optional The FQHN or IP address of the network time protocol (NTP) server. timezone Required The time zone from the TZ database. For more information, see http://timezonedb.com/.
Asia/Tokyo, and so on.
type_of_setup Required Specifies the type of installation for this host
normal- A standard QRadar managed host or console deployment.
recovery - A High Availability (HA) recovery installation on this host.
console_host Required for SIOC The name for your IBM QRadar on Cloud system. IP address Gateway setup choice Required for SIOC Type True if this appliance is an IBM QRadar on Cloud gateway. Type False if the appliance is not a gateway appliance. true or false http_proxy_host Optional The host name of the proxy host for the IBM QRadar on Cloud appliance. http_proxy
Optional The password for the proxy host for the IBM QRadar on Cloud appliance. http_proxy_port Optional The identifier for the port you connect to on the proxy host for the IBM QRadar on Cloud appliance. http_proxy_user Optional The user name for the proxy host for the IBM QRadar on Cloud appliance. internet_access
Required for SIOC The mode that you use to access the IBM QRadar on Cloud appliance direct or proxyExample:
#0.0.1 ai_force=<true_false> ai_api_auth_token= <certificate> ai_appliance_number= <####> ai_appliance_oem= <qradar_forensics_or_oem> ai_appliance_filter= <appliance_number_or_identifier> ai_bonding_enabled= <true_or_false> ai_bonding_interfaces= <mac_address> ai_bonding_interface_name= <interface_identifier> ai_bonding_options= <bonding_option_identifiers> ai_gateway_setup_choice= <true_or_false> ai_ha_cluster_virtual_ip= <IP_address> ai_hostname= <hostname_with_FQDN> ai_ip_dns_primary= <IP_address_of _primary_DNS> ai_ip_dns_secondary= <IP_address_of_secondary DNS> ai_ip_management_interface= <MAC_address> ai_ip_protocol= <ipv4_or_ipv6> ai_ip_v4_address= <IP_address> ai_ip_v4_address_public= <public_IP_address> ai_ip_v4_gateway= <IP_address_of_gateway> ai_ip_v4_network_mask= <network_mask> ai_ip_v6_address= <IPv6_address> ai_ip_v6_address_public= <IPv6_public_address> ai_ip_v6_autoconf= <true_false> ai_ip_v6_gateway= <IP_address> ai_is_console= <true_or_false> ai_is_console_standby= <true_or_false> ai_root_password= <password_for_root_account> ai_security_template= <enterprise_or_logger> ai_time_current_date= <yyyy-mm-dd> ai_time_current_time= <hh:mm:ss> ai_time_ntp_server= <ntpserver_hostserver> ai_timezone= <EST_or_PST_or_timezone> ai_type_of_setup= <normal_or_recovery> ai_console_host= <IP_address_or_identifier_for_SIOC_7000_host> ai_http_proxy_host= <SIOC_7000_proxy_hostname> ai_http_proxy_password= <SIOC_7000_proxy_password> ai_http_proxy_port= <SIOC_7000_proxy_port> ai_http_proxy_user= <SIOC_7000_proxy_user_name> ai_internet_access_mode= <SIOC_7000_direct_or_proxy>
Replace the configuration settings in the file with ones that are suitable for your environment.Important: Ensure that the AUTO_INSTALL_INSTRUCTIONS file has no extension, such as .txt, or .doc. The installation does not succeed if the file has an extension.
- Using an SFTP program copy the QRadar ISO to the host where you want to install QRadar.
On the host where you are installing, create a /media/cdrom directory on
the host by using the following command:
Mount the QRadar ISO by
using the following command:
mount -o loop <qradar.iso> /media/cdrom
Run the QRadar setup by
using the following command:
- Open the End User License Agreement (EULA) at
- To agree to the EULA, add
/media/cdrom/setupcommand.When you add
--accept-eula, you bypass the EULA prompt.