IBM Support

Interim Fix 01 - For QRadar 7.2.8 Patch 8 (7.2.8.20170707222831)

Release Notes


Abstract

Installation instructions and resolved issues list for Interim Fix 01 of IBM Security QRadar 7.2.8 Patch 8 (7.2.8.20170707222831).

Content

Interim fixes are intended to resolve specific reported issues in the latest QRadar version. An interim fix is a small update, typically smaller than 10MB. If your deployment is installed with IBM Security QRadar 7.2.8 Patch 8 (7.2.8.20170707222831), then this interim fix can be applied to your system. Interim fixes are cumulative. If multiple interim fixes exist for a patch level, then highest number interim fix can be installed and all lower level interim fixes are included.


Issues resolved in Interim Fix 01 for QRadar 7.2.8 Patch 8
Product Component Number Description
QRADARUSER INTERFACEIV98386LOG SOURCE USER INTERFACE EDITS DO NOT SAVE ENABLED, COALESCING EVENTS, STORE EVENT PAYLOAD, AND GROUP ASSIGNMENT CHECK BOX ACTIONS

Before you begin
The following information will help prevent installation messages during install:

  • Interim Fix 01 for 7.2.8 Patch 8 resolve as user interface issue, so this interim fix only needs to be installed on the QRadar Console.
  • These instructions only apply to the 7.2.8 Patch 8 Interim Fix 01. There is a 7.3.0 Patch 2 version of this interim fix here: http://www.ibm.com/support/docview.wss?uid=swg27050114.
  • To avoid access errors in your log file, close all open QRadar sessions.
  • The interim fix for QRadar cannot install on a Console that is at any version below 7.2.8 Patch 8.
  • Verify that all changes are deployed on your appliances. The patch cannot install on appliances that have changes that are not deployed.
  • This interim fix will restart Tomcat during the update, which will log off all active users. The Tomcat restart will also impact reports in progress and they might need to be manually restarted in the user interface after the interim fix is applied and the user interface is available.

About this task
Interim fixes are software updates intended to fix a small number of known software issues in your QRadar deployment. The interim fix restarts services, which halts event and flow collection in your deployment until the installation completes.

Procedure

  1. Download the interim fix 01 for QRadar 7.2.8 Patch 8 (7.2.8-QRADAR-QRSIEM-201707261911371INT) from the IBM Fix Central website:
    http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20170726191137INT&includeSupersedes=0&source=fc

  2. Using SSH, log in to your system as the root user.

  3. Copy the interim fix to the /tmp directory on the QRadar Console.

    Note: If space in the /tmp directory is limited, copy the interim fix to another location that has sufficient space.

  4. To create the /media/updates directory, type the following command: mkdir -p /media/updates

  5. Change to the directory where you copied the patch file. For example, cd /tmp

  6. To mount the patch file to the /media/updates directory, type the following command: 
    mount -o loop -t squashfs
    728_QRadar_interimfix-7.2.8.20170707222831-IF01-20170726191137.sfs /media/updates/

  7. To run the patch installer, type the following command: /media/updates/installer
    The first time that you run the interim fix, there might be a delay before the installation menu is displayed.

  8. Using the patch installer, select all.

    The all option updates the software on all systems in your deployment. In HA deployments, primary HA appliances are patched and replicate the patch update to the secondary HA appliance. For interim fixes, the all option is recommended as the updates are typically small (less than 10MB) and install quickly.

    NOTE: If your Secure Shell (SSH) session is disconnected while the installation is in progress, the installation continues. When you reopen your SSH session and rerun the installer, the current state of the installation is displayed.

  9. After the install completes, administrators and users should clear their browser cache before logging in to the Console.


Results

A summary of the interim fix installation advises you of any managed host that were not updated. If the interim fix fails to update a managed host, you can copy the interim fix to the host, then mount and run the installation locally.


Where do I find more information?





[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Release Notes","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
10 May 2019

UID

swg27050113