How To
Summary
The QRadar Vulnerability Manager product has a database that stores information on assets. That database is constantly updated by incoming events, weekly auto-updates, and so on. To maintain optimum health of this database, it is a good practice to periodically run a Full Vacuum on that database. This article provides the correct sequence of steps to safely run the Full Vacuum.
Steps
IMPORTANT: Although the maintenance of the QVM database is straightforward, it is best done when suggested by the QRadar support team. The steps provided need to be done on the console or the managed host where the QVM processor is located.
- Ensure there are no running scans and stop the qvmprocessor service:
Create a stop file:
Stop the QVM processor:/opt/qradar/systemd/bin/manual.sh qvmprocessor enable
systemctl stop qvmprocessor - Restart the hostservices service:
NOTE: If the QVM processor is on the console, this command will restart both the qradar and fusionvm Postgresql databases. The qradar database is the one that stores items like rules, offenses, and so on. The fusionvm database is the one associated with QVM.
systemctl restart hostservices - Run this command to get the maintenance done:
psql -U fusionvm -p 15433 -c "vacuum full analyze verbose" - Clear the stop file:
/opt/qradar/systemd/bin/manual.sh qvmprocessor disable - Start the QVM service:
systemctl start qvmprocessor
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwu1AAA","label":"Assets"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
06 October 2021
UID
ibm16480689