Installing SMB Tail and dependent protocols

Learn how to install SMB Tail and dependent protocols.

About this task

The underlying Java-based SMB library in SMB Tail and all its dependent protocols are updated. The following list of protocols must be installed or upgraded.
  • SMB Tail
  • Microsoft Security Event Log over Microsoft Remote Procedure Call (MSRPC)
  • Microsoft Exchange
  • Microsoft DHCP
  • Microsoft IIS
  • Oracle Database Listener

Procedure

  1. Log in to the QRadar Console as a root user.
  2. Copy all installed and updated Protocol RPMs from Fix Central to a directory on the QRadar Console.
  3. Go to the directory where you copied the protocol RPMs by entering the following command:
    cd <path_to_directory>
  4. To install all the protocol RPMs simultaneously, run the following command in a single step:
    yum install PROTOCOL-SmbTailProtocol-7.5-202XXX.noarch.rpm PROTOCOL-OracleDatabaseListener-7.5-202XXX.noarch.rpm  PROTOCOL-WindowsDHCPProtocol-7.5-202XXX.noarch.rpm PROTOCOL-WindowsEventRPC-7.5-202XXX.noarch.rpm PROTOCOL-WindowsExchangeProtocol-7.5-202XXX.noarch.rpm PROTOCOL-WindowsIISProtocol-7.5-202XXX.noarch.rpm
    Note: Replace <202XXX>noarch.rpm with the actual RPM file names. You must ensure that all RPM files are located in the current working directory or specify the full path to each file.

    All specified RPM packages will be installed concurrently as part of a single command execution. Do not install them one by one.

  5. From the Admin tab of the QRadar Console, select Advanced > Deploy Full Configuration.