IBM Support

QRadar: How to use validate_deployment.sh to validate your deployment

How To


Summary

This article describes the validate_deployment.sh script, how it can be used to troubleshoot deployment issues on your QRadar Console, and guidance on how to handle BAD lines. The script reports when the deployment configuration of the environment is inconsistent, typically meaning the deployment.xml and databases don't have the same entries.

Steps

Run validate_deployment.sh to perform common checks on managed hosts.
  1. SSH into your QRadar console.
  2. Run the script.
    /opt/qradar/support/validate_deployment.sh

    Results
    A successful output looks similar to the following:
    INFO: Reviewing /opt/qradar/conf/deployment.xml
    GOOD: No instances of hostid=0 found in deployment history
    GOOD: All hosts have a valid masterlist
    GOOD: All hosts have a valid token in their masterlist
    GOOD: All managed host IDs are correct.
    GOOD: All deployed components have valid component references.
    GOOD: All managedhostcapabilityxref entries appear valid.
    GOOD: All deployment.xml components exist in the database.
    GOOD: All deployed_component IDs exist in deployment.xml.
    GOOD: All connections in deployment.xml appear to have valid references.
    GOOD: All tunnels map back to valid hosts.
    GOOD: All server hosts have valid managed hosts
    GOOD: All managed hosts have valid server hosts
    GOOD: All managed hosts have valid primary_host entries in the serverhost table
    GOOD: All flow source connections have valid flow source entries
    GOOD: No off-site components found skipping.

Possible errors

  • WARN: There is a copy of deployment.xml in staging FYI

    The global copy of deployment.xml does not match the staging one. To resolve this issue, perform a deployment in the QRadar UI.

    WARN: There is a copy of deployment.xml in staging FYI.

  • BAD: deployment history had the following responses for a search of 'hostid="0"'

    This is a benign error that does not cause problems for users. This error means that deployment.xml has a value for a host that was removed, but not cleaned up in the deployment itself.

    BAD: deployment history had the following responses for a search of 'hostid="0"';

  • BAD: The component in the deployed_component table with id X does not exist in deployment.xml

    This is a serious error that must be resolved by support. The components on each managed host depend on the appliance type of that managed host. The components for a managed host must exist in both the deployed_component postgres table and the /store/configservices/deployed/deployment.xml file. A BAD line referring to the deployed_component table indicates they do not match.

    BAD: The component in the deployed_component table with id 3 does not exist in deployment.xml.
    Depending on your situation, you must delete the entry from the database, or add it to the deployment.xml. For both situations, contact support.
     

  • BAD: The component in deployment.xml with id X does not exist in the deployed_component table

    This is a serious error that must be resolved by support. The components on each managed host depend on the appliance type of that managed host. The components for a managed host must exist in both the deployed_component postgres table and the /store/configservices/deployed/deployment.xml file. A BAD line referring to the deployed_component table indicates they do not match.

    BAD: The component in deployment.xml with id 162 does not exist in the deployed_component table.
    
    Depending on your situation, you must delete the entry from deployment.xml, or add it to the database. For both situations, contact support.
  • BAD: Host with id=X has an invalid masterlist token, or other masterlist errors

    This error indicates mismatched tokens between the Console and the managed host, which can result in errors when users attempt to deploy the managed host. See this technical note on Deploy times out due to missing or mismatched tokens to resolve this issue.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtiAAA","label":"Performance"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
14 November 2022

UID

ibm16616351