Troubleshooting
Problem
The installation output of a manual rpm installation shows that the rpm was installed successfully, however the DSM or Protocol is not displayed as an option on the Log Source Management App.
Symptom
The rpm shows as installed. However, it is not displayed as a log source type option when you create a new log source nor in the DSM Editor.
The installation output shows the following error messages:
cp: cannot create regular file ‘<path_to_file>’: No such file or directory
Error: Execution Failed of :cp -pf <path_to_file> <path_to_file> :, exiting
Example:
Cause
This issue occurs due to permissions issues when running the RPM installation while logged in to an account other than root even if the other account has sudo permission.
Environment
All QRadar versions except QRadar on Cloud.
Diagnosing The Problem
The output of the installation shows the rpm as installed. To validate if the rpm is installed, you can run this command:
rpm -qa rpm | grep -i <rpm-name>
Example:
rpm -qa | grep -i DSM-WinCollect
DSM-WinCollect-7.4-20210817165702.noarch
rpm -qa | grep -i PROTOCOL-Microsoft
PROTOCOL-MicrosoftGraphSecurityAPI-7.4-20211004154952.noarch
PROTOCOL-MicrosoftAzureEventHubs-7.4-20191218165336.noarch
Resolving The Problem
- Download the RPM from Fix Central.
- Use an SCP client to transfer the RPM to the Console in a directory such as /storetmp or /store/IBM_Support.
- Use SSH to log in to the Console as root user.
- Remove the RPM by using the command:
yum -y remove <rpmname>
- Navigate to the directory where the RPM file is located.
- Reinstall the RPM by using the command:
yum -y install <rpmname>
- Restart the Tomcat service by using the command:
systemctl restart tomcat
Note: If you use another account other than root run "su - " or "sudo -i" to switch to root. For more information on how to use sudo with QRadar see: How to sudo or su to root in QRadar
Results
The Log Source Type now appears in the Log Source Management app.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
30 November 2021
UID
ibm16509516