Upgrading QRadar Network Insights

You must upgrade all of your IBM QRadar products in your deployment to the same version.

Restriction: Resizing logical volumes is not supported.

Before you begin

Custom changes that you make to QRadar configuration files do not persist when you upgrade your deployment. Before you upgrade, back up any customized configuration files so that you can refer to them after the upgrade. After the upgrade is complete, do not overwrite the new configuration files with the old files. You must manually re-apply the customized settings.

The file that you use to upgrade QRadar Network Insights depends on which products are installed in your deployment. You must download the correct upgrade file from Fix Central (www.ibm.com/support/fixcentral/).

Table 1. Patch files for upgrading QRadar Network Insights

| Deployment scenario | Fix Central download |
| --- | --- |
| Deployment does not include QRadar Incident Forensics | Use the QRadar patch file, which looks similar to this one: <identifier>_QRadar_patchupdate-<build_number>.sfs. This file upgrades QRadar and QRadar Network Insights appliances. |
| Deployment includes QRadar Incident Forensics | Use the QRadar Incident Forensics patch file, which looks similar to this one: <identifier>_Forensics_patchupdate-<build_number>.sfs. This .sfs file upgrades the entire QRadar deployment, including QRadar Incident Forensics and QRadar Network Insights. |

Procedure

  1. Download the patch update file from Fix Central (www.ibm.com/support/fixcentral/).
  2. Use SSH to log in to your system as the root user.
  3. Copy the patch file to the /tmp directory or to another location that has sufficient disk space.
  4. To create the /media/updates directory, type the following command:

    mkdir -p /media/updates

  5. Change to the directory where you copied the patch file.
  6. To mount the patch file to the /media/updates directory, type the following command:

    mount -o loop -t squashfs <patchupdate_filename>.sfs /media/updates/

  7. To run the upgrade installer, type the following command:

    /media/updates/installer

    The first time that you run the patch installer script, there might be a delay before the first patch installer menu is displayed.

  8. Provide answers to the pre-patch questions based on your deployment.
  9. Use the upgrade installer to upgrade all hosts in your deployment.

    If your SSH session is disconnected while the upgrade is in progress, the upgrade continues. When you reopen your SSH session and rerun the installer, the installation resumes.

  10. After the upgrade is complete, type the following command to unmount the software update:

    umount /media/updates
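
The following pre-flight checks are an added example, not part of the IBM procedure. Before the mount in step 6, they confirm that the file name matches the Table 1 pattern for the deployment, that the file is a SquashFS image, and that its SHA-256 matches a value obtained from a trusted source. The function names and the availability of a trusted checksum are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on the downloaded .sfs file before step 6.
# Function names and the trusted SHA-256 argument are assumptions.

# Classify the file by the naming patterns shown in Table 1.
patch_kind() {
    case "$(basename "$1")" in
        *_Forensics_patchupdate-*.sfs) echo forensics ;;
        *_QRadar_patchupdate-*.sfs)    echo qradar ;;
        *)                             echo unknown ;;
    esac
}

# A SquashFS image begins with the 4-byte magic "hsqs".
is_squashfs() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null)
    [ "$magic" = "hsqs" ]
}

# Compare the file's SHA-256 with a value obtained from a trusted source.
sha256_matches() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(sha256sum "$1" | awk '{print $1}')
    [ "$have" = "$want" ]
}

# usage: preflight <patch_file> <trusted_sha256> <forensics_installed: yes|no>
preflight() {
    file=$1; expected=$2; forensics=$3
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    kind=$(patch_kind "$file")
    case "$forensics:$kind" in
        yes:forensics|no:qradar) ;;
        *) echo "patch type '$kind' does not fit this deployment" >&2; return 2 ;;
    esac
    is_squashfs "$file" || { echo "not a SquashFS image: $file" >&2; return 3; }
    sha256_matches "$file" "$expected" || { echo "SHA-256 mismatch: $file" >&2; return 4; }
    echo "checks passed; next: mount -o loop -t squashfs $file /media/updates/"
}

# Run the checks when called with three arguments.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```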