IBM Support

QRadar: Support for installation of non-QRadar RPMs

Question & Answer


What considerations must administrators take before you upgrade RPMs or install third-party software on a QRadar appliance?


Administrators who upgrade software packages (RPMs) outside of QRadar software posted to IBM Fix Central can experience upgrade errors, performance issues, or product instability. Common reasons where administrators attempt to upgrade RPM files might be to address security vulnerabilities or install software or anti-virus to gain various management functionalities. Upgrading RPM files outside of software releases is not supported. Administrators with concerns about an RPM version on their QRadar appliance can begin a discussions with QRadar Support. For more information, see: Third-party software on QRadar appliances.


IBM tests the versions of RPMs that QRadar depends on during development cycles. If a customer chooses to change versions of the RPMs installed on their environment independently of what is provided by their QRadar installation, IBM has no way of assuring compatibility or performance. Any problems encountered by these RPMs are outside of what is supported by IBM. QRadar patches periodically released by IBM often include updates to RPM versions that QRadar depends on to address any vulnerabilities that might exist in earlier versions.

Similarly, third-party software modules, such as management and monitoring tools can adversely impact QRadar performance or even prevent QRadar from operating. Some historical examples of these adverse impacts include disk space problems, port usage problems, RAM usage problems, CPU usage problems, and file access locks. If you choose to install third-party RPMs on your QRadar appliance, any problems encountered are considered outside of what is supported by IBM.

IBM distributes supported versions of RPMs as patches through IBM Fix Central. In some instances, IBM Support might provide information or suggest an upgrade path to resolve your concerns.

All other installations methods of non-QRadar software modules, either as RPMs or through Yellow dog updater, Modified (YUM) is not supported. Administrators must not force install or bypass installation dependency checks to install newer versions than what is supplied in ISO or SFS files on IBM Fix Central. Since a software installation requires RPM versions included in the ISO, running YUM updates within Red Hat Enterprise before you start your software installation can cause the installation to fail.

[{"Type":"SW","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwszAAA","label":"Install"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
30 April 2021