Question & Answer
Question
How can you determine the hostname, MAC, and IP address of a QRadar Network Security (XGS) appliance from the support file?
Answer
In some cases, you might need to determine the hostname or IP address of the management interface, or the MAC addresses of the security and management interfaces, of an XGS appliance from a support file.
Note: For details about generating a support file, see Technote 1688434: Generating a support file on the IBM Security Network Protection appliance (XGS).
First, look at the format of the support file name, which tells you the hostname of the appliance. The following example file name is broken down point by point below:
INSP_5.3.2.1_20160208-133052_XGS5100_TestAppliance.support
- INSP means IBM Network Security Protection, so this is a support file for the XGS
- 5.3.2.1 represents the firmware version installed
- 20160208 represents the date the support file was generated in the format YYYYMMDD
- 133052 represents the time the support file was generated in the format HHMMSS
- XGS5100_TestAppliance is the hostname of the appliance
You might also find the hostname, IP address, and MAC address of the device within the support file. Extract the .support file by using a file archiver program (such as 7zip); it is a standard compressed file with a .support extension. Then, open the extracted contents and open /etc/settings.txt. In this file, scroll down to the # Network Tuning Params section. The hostname is specified with the net.hostname parameter. The IP address of the management port is specified with the net.if.addr.eth0 parameter.
To find the MAC addresses of the security interfaces, search the support.txt file (located in the root of the extracted files) and look for the dump_interfaces section. You see output similar to the following:
+ dump_interfaces
Dev Label NMC HWAddr BusID DevID Driver Link Status Speed
eth0 M.1 - 00:d0:c9:ed:4f:b5 0000:01:00.0 1533 igb yes UP 100F
eth1 M.2 - 00:d0:c9:ed:4f:b6 0000:02:00.0 1533 igb no DOWN
eth2 1.1 - 00:d0:c9:ed:4f:b7 0000:06:00.1 0438 igb yes UP 1000F
eth3 1.2 - 00:d0:c9:ed:4f:b8 0000:06:00.2 0438 igb yes UP 1000F
eth4 1.3 - 00:d0:c9:ed:4f:b9 0000:06:00.3 0438 igb no UP 0H
eth5 1.4 - 00:d0:c9:ed:4f:ba 0000:06:00.4 0438 igb no UP 0H
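The three lookups above (file name, etc/settings.txt, and the dump_interfaces table) can be scripted when many support files need to be triaged. The following Python is an added example, not IBM code: the function names, the "key = value" syntax assumed for settings.txt, and the 192.0.2.10 address are assumptions, and the sample table rows are copied from the output above.

```python
import re
from datetime import datetime

NAME_RE = re.compile(
    r"^INSP_(?P<fw>\d+(?:\.\d+)*)_(?P<ts>\d{8}-\d{6})_(?P<host>.+)\.support$")
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

# Constructed samples: settings syntax and address are assumed; table rows are from the page.
SAMPLE_SETTINGS = ("# Network Tuning Params\nnet.hostname = XGS5100_TestAppliance\n"
                   "net.if.addr.eth0 = 192.0.2.10\n")
SAMPLE_SUPPORT_TXT = """+ dump_interfaces
Dev Label NMC HWAddr BusID DevID Driver Link Status Speed
eth0 M.1 - 00:d0:c9:ed:4f:b5 0000:01:00.0 1533 igb yes UP 100F
eth1 M.2 - 00:d0:c9:ed:4f:b6 0000:02:00.0 1533 igb no DOWN
eth2 1.1 - 00:d0:c9:ed:4f:b7 0000:06:00.1 0438 igb yes UP 1000F
"""

def parse_support_name(name):
    """Split a support file name into firmware, generation time and hostname."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not an XGS support file name: {name!r}")
    # The hostname may itself contain underscores (XGS5100_TestAppliance),
    # so it is taken as the whole remainder rather than by splitting on "_".
    return {"firmware": m["fw"],
            "generated": datetime.strptime(m["ts"], "%Y%m%d-%H%M%S"),
            "hostname": m["host"]}

def parse_settings(text, keys=("net.hostname", "net.if.addr.eth0")):
    """Pick the named parameters out of etc/settings.txt (assumed 'key = value' lines)."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*[=:\s]\s*(\S+)", line)
        if m and m[1] in keys:
            found[m[1]] = m[2]
    return found

def parse_dump_interfaces(text):
    """Return {device: (label, mac)} from the dump_interfaces table in support.txt."""
    macs, in_table = {}, False
    for line in text.splitlines():
        f = line.split()
        if f[:4] == ["Dev", "Label", "NMC", "HWAddr"]:
            in_table = True  # header row found; data rows follow
        elif in_table:
            if len(f) < 4 or not MAC_RE.match(f[3]):
                break  # first line that is not an interface row ends the table
            macs[f[0]] = (f[1], f[3].lower())
    return macs
```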
Document Information
Modified date: 23 January 2021
UID: swg21695933