QRadar: How to run a Dynamic System Analysis (DSA) report on a PCAP Appliance

Troubleshooting

Problem

The DSA utility is not installed natively on QRadar® PCAP appliances, so PCAP Administrators who experience hardware issues on their PCAP Lenovo Hardware appliances need to download and install the DSA utility in order to gather the DSA logs and submit a report with the hardware support request.

Environment

For QRadar M4 and M5 appliances, the Lenovo DSA 10.5 utility can be used to collect DSA logs.
For QRadar M6 and newer appliances the Lenovo OneCLI utility can be used to collect DSA logs.

Resolving The Problem

Procedure

Download the software based on your appliance version.
- For M4 or M5 appliances:
  - Lenovo Dynamic System Analysis (DSA) - Portable for RHEL 7 x86-64
  - Download the file lnvgy_utl_dsa_dsala7k-10.5_portable_rhel7_x86-64.bin to your local computer
- For M6 and later appliances:
  - Lenovo XClarity Essentials OneCLI (OneCLI)
  - Download the file lnvgy_utl_lxcer_onecli01u-<version>_rhel_x86-64 (rpm) to your local computer
Using PuTTY or equivalent tool, open an SSH session to the PCAP appliance on port 4477.
Run the command:
```
mkdir -p /opt/qradar/support
```
Using WinSCP or equivalent tool and by using port 4477, upload the utility to the PCAP appliance.
- The DSA bin you downloaded must be uploaded to /opt/qradar/support.
- The OneCLI rpm file can be uploaded to /tmp.
For M4 or M5 appliances, to install and run the DSA utility:
- To change to the upload directory, type:
```
cd /opt/qradar/support
```
- To set permissions on the file, type:
```
chmod 755 lnvgy_utl_dsa_dsala7k-10.5_portable_rhel7_x86-64.bin
```
- To collect the DSA logs, type:
```
./lnvgy_utl_dsa_dsala7k-10.5_portable_rhel7_x86-64.bin
```
- The utility creates a file in /var/log/Lenovo_Support with the machine type, example 7944AC1, Serial Number, and date.xml.gz. For example, 7944AC1_KQ6X8X8_20120927-163515.xml.gz
Install and run the OneCLI utility on an M6 or newer:
- To install OneCLI, type:
```
yum -y install /tmp/lnvgy_utl_lxcer_onecli-<version>_rhel_x86-64.rpm  
```
  Where <version> is the version number of the OneCLI utility you downloaded.
- To collect the DSA logs, type:
```
/opt/lenovo/lnvgy-utl-lxce-onecli/dsa
```
- The utility creates a file in /var/log/Lenovo_Support with the machine type, serial number, and a timestamp as an XML file. For example,
  OneCli-inventory-7X06-J1010000-RHEL7--20211104-170730.xml
Using WinSCP or equivalent tool move the collected log file to your desktop.
Attach the hardware report to your QRadar Support case.

Related Information

QRadar: Versions of the DSA utility required for my QRadar appliance

Where do I find more information?

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMU35","label":"IBM QRadar Network Packet Capture Software"},"ARM Category":[{"code":"a8m0z000000cwtcAAA","label":"Hardware"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.3.0;and future releases"}]

Tips

QRadar: How to run a Dynamic System Analysis (DSA) report on a PCAP Appliance

Troubleshooting

Problem

Environment

Resolving The Problem

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?