How To
Summary
Sometimes it is necessary to perform a manual deploy of a malfunctioning managed host when it cannot download replication and processes are failing to start. How can you force the managed host to deploy its Configurationset to address such a problem?
Objective
In some instances configuration fails to replicate fully. The configuration files on QRadar can become corrupted or unavailable.
A partially missing, entirely missing, or corrupt Configurationset on a managed host can cause a wide range of issues, including communication problems. Examples of files that fall into this category:
- nva.conf
- nva.hostcontext.conf
- frameworks.properties
In most cases, running a full deploy will resolve these problems by rewriting the Configurationset. However, there are cases when performing a full deploy from the Console UI or command line is not possible or is not practical. In such cases, forcing a local Configurationset transform can be a viable option.
Steps
The script /opt/qradar/bin/local_transformation.sh makes it possible to force a managed host to transform the Configurationset for its local use, effectively performing a full deploy on the managed host only.
Before You Begin
The script requires the following preconditions to function:
- The Console is running the Tomcat service.
- The managed host is running Hostcontext.
- No current deploy, add or remove managed host actions are in progress.
1. On the Console, cd to the Configurationsets directory:
cd /store/configservices/configurationsets/
2. Use SCP to copy the following Configurationset files from the Console to the managed host in question:
scp globalset_list.xml zipfile_GEN.full.zip zipfile_QVM.full.zip <managedhost ip>:/store/configservices/configurationsets
3. SSH to the managed host. Run the replication.pl script to replicate the Postgres database on the managed host:
/opt/qradar/bin/replication.pl -download
Warning: The following command is not to be run on the Console or it will corrupt the Console.
4. On the same managed host, run the local_transformation.sh script with the following flags to force a full deploy on the managed host:
/opt/qradar/bin/local_transformation.sh -l -f
If successful, the output will display the following:
Starting up...
Deployment status set to 'Initiating Deployment'
Deployment status set to 'In Progress'
Deployment status set to 'Success'
Deploy Global Set: Done.
local_transformation: End.
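The managed-host part of the procedure can be wrapped so that it refuses to run on the Console, confirms the copied files are present, and checks the result against the success output. This is an added example, not an IBM script: the function names and the Console hostname argument are assumptions, while the paths, file names and status strings are the ones given on this page.

```shell
#!/bin/sh
# Added example: preflight and result check around the forced local deploy.
# Function names and the --run / console-hostname arguments are hypothetical.

CONFIGSET_DIR=/store/configservices/configurationsets
REQUIRED_FILES="globalset_list.xml zipfile_GEN.full.zip zipfile_QVM.full.zip"

# Print each required Configurationset file that is absent or empty in $1.
missing_configset_files() {
    for cs_file in $REQUIRED_FILES; do
        [ -s "$1/$cs_file" ] || printf '%s\n' "$cs_file"
    done
}

# Read local_transformation.sh output on stdin; succeed only if the deploy
# reached 'Success' and the script ran to its final line.
deploy_succeeded() {
    lt_out=$(cat)
    printf '%s\n' "$lt_out" | grep -Fq "Deployment status set to 'Success'" &&
        printf '%s\n' "$lt_out" | grep -Fq "local_transformation: End."
}

# True when this host's node name equals the Console name the operator gave.
# A simple guard: it only matches if the operator passes the exact node name.
is_console() {
    [ -n "$1" ] && [ "$(uname -n)" = "$1" ]
}

run_forced_deploy() {
    if is_console "$1"; then
        echo "refusing: this host is the Console" >&2
        return 2
    fi
    cs_missing=$(missing_configset_files "$CONFIGSET_DIR")
    if [ -n "$cs_missing" ]; then
        echo "missing or empty in $CONFIGSET_DIR:" $cs_missing >&2
        return 3
    fi
    /opt/qradar/bin/replication.pl -download || return 4
    /opt/qradar/bin/local_transformation.sh -l -f | tee /dev/stderr | deploy_succeeded
}

# Usage on the managed host: sh forced_deploy.sh --run <console-hostname>
if [ "${1:-}" = "--run" ]; then
    run_forced_deploy "${2:-}"
fi
```

A non-zero exit from the last pipeline means the output never reached 'Success' or stopped before the final line, so the deploy should not be treated as complete.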
Additional Information
Document Location
Worldwide
Product: IBM Security QRadar SIEM. Platform: Linux. Versions: 7.3.3; 7.4.1
Document Information
Modified date:
07 December 2020
UID
ibm11075107