Learn how to install SMB Tail and dependent protocols.
About this task
The underlying Java-based SMB library in SMB Tail and all its dependent protocols are
updated. The following list of protocols must be installed or upgraded.
- SMB Tail
- Microsoft Security Event Log over Microsoft Remote Procedure Call (MSRPC)
- Microsoft Exchange
- Microsoft DHCP
- Microsoft IIS
- Oracle Database Listener
Procedure
- Log in to the QRadar Console as a root user.
- Copy all installed and updated Protocol RPMs from Fix Central to a directory on the QRadar Console.
- Go to the directory where you copied the protocol RPMs by entering the following
command:
- To install all the protocol RPMs simultaneously, run the following command in a single
step:
yum install PROTOCOL-SmbTailProtocol-7.5-202XXX.noarch.rpm PROTOCOL-OracleDatabaseListener-7.5-202XXX.noarch.rpm PROTOCOL-WindowsDHCPProtocol-7.5-202XXX.noarch.rpm PROTOCOL-WindowsEventRPC-7.5-202XXX.noarch.rpm PROTOCOL-WindowsExchangeProtocol-7.5-202XXX.noarch.rpm PROTOCOL-WindowsIISProtocol-7.5-202XXX.noarch.rpm
Note: Replace <202XXX>noarch.rpm with the actual RPM file names. You must
ensure that all RPM files are located in the current working directory or specify the full path to
each file.
All specified RPM packages will be installed concurrently as part of a single command execution.
Do not install them one by one.
- From the Admin tab of the QRadar Console, select
Advanced > Deploy Full Configuration.