How To
Summary
Sometimes it is necessary to perform a manual deploy of a malfunctioning managed host when it cannot download replication and processes are failing to start. How can you force the managed host to deploy its Configurationset to address such a problem?
Objective
In some instances configuration fails to replicate fully. The configuration files on QRadar can become corrupted or unavailable.
A partially missing, entirely missing, or corrupt Configurationset on a managed host can cause a wide range of issues, including communication problems. Examples of files that fall into this category:
A partially missing, entirely missing, or corrupt Configurationset on a managed host can cause a wide range of issues, including communication problems. Examples of files that fall into this category:
- nva.conf
- nva.hostcontext.conf
- frameworks.properties
In most cases, running a full deploy will resolve these problems by rewriting the Configurationset. However, when performing a full deploy from the Console UI or Command-Line, there are not possible or is not practical. In such cases, forcing a local Configurationset transform can be a viable option.
Steps
The script /opt/qradar/bin/local_transformation.sh makes it possible to force a managed host to transform the Configurationset for its local use, effectively performing a full deploy on the managed host only.
Before You Begin
The script requires the following preconditions to function:
- The Console is running the Tomcat service.
- The managed host is running Hostcontext.
- No current deploy, add or remove managed host actions are in progress.
Administrators run the following steps to deploy the newest configuration on a managed host locally:
- SSH to the QRadar Console as the root user.
- Move to the /store/configservices/configurationsets directory:
cd /store/configservices/configurationsets/
-
Use SCP to copy the deployment configuration files to the managed host:
scp globalset_list.xml zipfile_GEN.full.zip zipfile_QVM.full.zip <managedhost_ip>:/store/configservices/configurationsets
- Use SSH to log in to the managed host:
ssh <managedhost_ip>
- Replicate the PostgreSQL Database on the managed host by running the replication .pl script:
Note: The following command is not to be run on the Console or it will corrupt the Console./opt/qradar/bin/replication.pl -download
-
In the managed host, run the local_transformation.sh script to force a local full deploy:Note: The following command is not to be run on the Console or it will corrupt the Console.
/opt/qradar/bin/local_transformation.sh -l -f
Expected output:Starting up... Deployment status set to 'Initiating Deployment' Deployment status set to 'In Progress' Deployment status set to 'Success' Deploy Global Set: Done. local_transformation: End.
Result
The changes were locally deployed. If the issue persists, contact QRadar Support for assistance.
Additional Information
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.3;7.4.1"}]
Was this topic helpful?
Document Information
Modified date:
25 April 2024
UID
ibm11075107