IBM Support

QRadar: Installing QRadar on appliances with several disks

Question & Answer


Question

Is it possible to install QRadar on appliances, virtual, or physical, with multiple disks?

Answer

There are unique procedures and requirements depending on if an administrator has a physical appliance or a virtual machine (VM). This article provides administrators with basic information about using multiple disks with QRadar.

QRadar Virtual Appliances

Virtual appliances have a set of rules predefined for partitions creation.
Note: Appliances installed on cloud instances (AWS, Azure, IBM Cloud) have specific instructions that must be follow thoroughly.

QRadar Physical Appliances

Physical appliances contain a fixed number of disks and they cannot be increased. Refer to the product documentation for each appliance type to know how many disks exist per appliance:
The following schema applies to on-premises installation (includes Data Gateway). Depending on how many disks are presented, the QRadar setup applies the following configuration:
Condition Disk and Partition Partitions created separately Partitions NOT created separately
One disk with less than 256GB Disk 1 (sda, vda) - Partition 1
/
/boot
/recovery
/storetmp
/tmp
/home
/opt
/var
/var/log/audit
/var/log
/store
/transient
One disk with 256GB or more Disk 1 (sda, vda) - Partition 1
/
/boot
/recovery
/storetmp
/tmp
/home
/opt
/var
/var/log/audit
/var/log
None
Disk 1 (sda, vda) - Partition 2
/store
/transient
Two disks (104GB minimum each) Disk 1 (sda, vda) - Partition 1
/
/boot
/recovery
/storetmp
/tmp
/home
/opt
/var
/var/log/audit
/var/log
None
Disk 2 (sdb, vdb) - Partition 1
/store
/transient
More than two disks Disk 1 (sda, vda) - Partition 1
/
/boot
/recovery
/storetmp
/tmp
/home
/opt
/var
/var/log/audit
/var/log
None
Disk 2 (sdb, vdb) - Partition 1
/store
/transient
Disk 3 (sdc, vdc) - Partition 1 None
Considerations:

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.3.1;and future releases"}]

Document Information

Modified date:
30 June 2022

UID

ibm16571185