Question & Answer
- About the QRadar weekly auto update bundle
- Auto update server locations
- Configuring an auto update file on your local QRadar console
- How to install the auto update file
- Auto update log file locations
About the QRadar auto update bundle
Fig 1: The auto update file download from IBM Fix Central.
The auto update bundle from IBM Fix Central contains the following content:
- Device support module (DSM) rpm files - New integrations and parsing/categorization updates for existing DSMs are provided for QRadar 7.3.x and 7.4.x versions.
- Protocol rpm files - New protocols and updates are provided to listen for or retrieve events from remote sources for QRadar 7.3.x and 7.4.x versions.
- Scanner rpm files - New scanner module releases and updates are provided for QRadar 7.3.x and 7.4.x versions.
- Vulnerability catalog updates - The vulnerability catalog update is a database file that includes CVE information, vulnerability descriptions, and signature information so scan results can display vulnerability information. Vulnerability catalog updates are delivered daily for administrators with QRadar Vulnerability Manager.
Configuring an auto update file on your local QRadar Console
- In a web browser, navigate to IBM Fix Central and log in with your IBMid.
- Select QRadar, provide your product version, and platform.
- Select Browse for fixes.
- Download the auto update file to your local workstation.
- Use SSH to log in to the QRadar Console as the root user.
- Create a symbolic link between the /storetmp and the /opt/qradar/www/autoupdates directory.
ln -s /storetmp/ /opt/qradar/www/autoupdates
- To verify there is enough space for the auto update, type:
df -h /opt/qradar/www/autoupdates
- Copy the autoupdate-<version>.tgz file from your workstation to the QRadar Console. The file should be placed in /opt/qradar/www/autoupdates/ directory or the symlink directory you created in Step #6.
- On your QRadar Console, type the following command to extract the autoupdate package:
tar -zxvf autoupdate-[timestamp].tgz
You are now ready to configure the QRadar user interface to install the local auto update file. If you have questions or concerns about changing your automatic update setting, you should ask a question in the forums before you make changes to your auto update configuration.
How to install the auto update file
- Log in to the QRadar user interface.
- Click Admin tab.
- Click Auto Update icon.
- Click Change Settings.
- Select Advanced tab.
- In the Webserver field, type https://localhost/ or https://Console_IP_address/ as either option can be used.
Note: The trailing forward slash (/) is required in the Webserver field. For example, if your IP address is 10.10.10.10, type: https://10.10.10.10/.
- In the Directory field, leave the autoupdates/ configuration as the default value.
- Optional. Configure the proxy fields if you are using a proxy for external Internet connections.
- If the Send feedback option is enabled, clear the check box to disable the feedback option.
- Click Save.
- The system attempts to contact the URL defined as your https address and displays a message that states that the remote webserver is unavailable. This is an expected, but benign message for local autoupdate configurations.
- Click Check for Updates navigation menu, then click Get New Updates.
- Wait for the update to complete. A dashboard system notification is generated when updates are successfully installed or when an error occurs. If you have questions or concerns about an auto update status, you can ask a question in the forums.
After the auto update completes, the administrator can close the notification.
IMPORTANT: To receive automated updates in the future from QRadar Consoles that have Internet access, the administrator can set the Web Server field to https://auto-update.qradar.ibmcloud.com/. If you plan to manually update your Console appliance every week, the administrator can leave the Web Server field as https://localhost/.
Auto update log file locations
Auto update server locations
|Server changes||Hostname||Static IP address||Location||Description|
|New server cluster||https://auto-update.qradar.ibmcloud.com/||18.104.22.168||Global||New server active on 27 July 2020|
|Legacy server||https://qmmunity.q1labs.com/||22.214.171.124||United States||Active until 30 November 2020|
|Legacy server||https://qmmunity-eu.q1labs.com/||126.96.36.199||Europe||Active until 30 November 2020|
IMPORTANT: Administrators who fail to update their corporate firewalls might experience an interruption in service after 30 November 2020. QRadar Support recommends that all administrators update their QRadar Console's auto update settings during a maintenance window and confirm that auto updates complete successfully.
For more information on the new IBM Cloud auto update server, see QRadar: Important auto update server changes for administrators.
30 November 2020