IBM Support

QRadar: Use SFTP to download directly from Fix Central to your console

How To


Summary

This article explains how to use the SFTP command to quickly download update packages (SFS), installation files (ISO), and auto updates from Fix Central directly to your devices without using an intermediary host.

Steps

Where can I save my file?
  • For large files, such as ISOs, create a directory in /store. Remember to delete it when you are finished.
  • For small files, such as SFSs, you can save the files to /store/tmp. Files over six hours old in /store/tmp are automatically deleted.
Important: Do not use /tmp, /store/tmp, or /store/transient for your ISO upgrade. These directories are partitioned as part of the upgrade so you cannot use them as storage locations or mount points for the ISO file.
Steps
  1. Open the page for the package that you intend to download on Fix Central. If prompted, log in with your IBMid.
  2. If Download file by using bulk FTPS/SFTP is not your default setting, click Change download options under Download options, then select Download using bulk FTPS/SFTP and continue.
  3. Scroll to the Fix package location section and note the values.
  4. SSH into your QRadar console.
  5. (Optional) SSH to the Managed Host you want to install the package on if it is not the console.
  6. Start the SFTP session by using the following command, but replace USER_ID with the provided User ID and SFTP_SERVER with the provided FTPS/SFTP server.
    sftp -o StrictHostKeyChecking=no USER_ID@SFTP_SERVER
  7. When prompted, enter the Password.
  8. Use the get command and the RPM or bundle name to transfer the file from the Fix Central server to your appliance. You can get multiple files at once by entering the file names as a comma-separated list. Large files take a few minutes to complete, depending on your network speed.
    get FILE_NAME.noarch.rpm
    Note: You can use the ls command to list the files available for download.
  9. After your download is completed, type the following command to close the SFTP session:
    bye
     
    Result
    The file is downloaded.
    Note: If you have multiple hosts that need the file, you can use all_servers with the -p flag to put the file on those other hosts. The following example puts the file on all hosts with an IP that begins with 10:
    /opt/qradar/bin/all_servers.sh -i '10%' -p <FILE NAME>
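
With StrictHostKeyChecking=no in step 6, sftp accepts a previously unseen host key without prompting, so the server's identity is not checked on first connection. The following added example (not part of the IBM article) pins the server key against a fingerprint before connecting; the function names, the known_hosts path, the ed25519 key type and the EXPECTED_FP placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names and the known_hosts path are
# hypothetical; EXPECTED_FP is a placeholder for a fingerprint you have
# confirmed through a channel you trust.

# Print the OpenSSH-style SHA256 fingerprint of a base64 public-key blob
# (third field of an ssh-keyscan output line).
key_fingerprint() {
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
    # Turn the hex digest back into raw bytes, then into unpadded base64.
    fp=$(while [ -n "$hex" ]; do
             rest=${hex#??}
             byte=${hex%"$rest"}
             printf "\\$(printf '%03o' "0x$byte")"
             hex=$rest
         done | base64 | tr -d '=\n')
    printf 'SHA256:%s\n' "$fp"
}

# Append a "host keytype blob" line to a known_hosts file only when the
# blob's fingerprint equals the expected one. Returns 1 on mismatch.
pin_host_key() {
    line=$1
    expected=$2
    known_hosts=$3
    blob=$(printf '%s\n' "$line" | awk '{print $3}')
    [ -n "$blob" ] || return 2
    actual=$(key_fingerprint "$blob")
    if [ "$actual" != "$expected" ]; then
        echo "host key mismatch: server presented $actual" >&2
        return 1
    fi
    printf '%s\n' "$line" >> "$known_hosts"
}

# Usage on the console (USER_ID and SFTP_SERVER as in step 6; the key type is
# an assumption, use one the server offers):
#   kh=/store/tmp/fixcentral_known_hosts
#   line=$(ssh-keyscan -t ed25519 SFTP_SERVER 2>/dev/null | head -n 1)
#   pin_host_key "$line" "EXPECTED_FP" "$kh" &&
#     sftp -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$kh" \
#          USER_ID@SFTP_SERVER
```

If the fingerprint does not match, nothing is written to the known_hosts file and the sftp command is not run.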

Document Location

Worldwide

 


Document Information

Modified date:
02 June 2023

UID

ibm16985963