IBM Support

QRadar: Upgrade path information for the transition to Red Hat Enterprise 8

News


Abstract

The QRadar Development team is working on a release that supports a kernel update to Red Hat Enterprise 8 (RHEL8). This support notice is intended to notify administrators that any software release that updates the operating system (OS) from RHEL 7 to RHEL 8 requires users to first install QRadar 7.5.0 Update Package 7. After users upgrade to QRadar 7.5.0 Update Package 7, they can then update to a future software release that includes a Red Hat 8 OS.

Content

Technical note updates


  • 25 March 2024: Updated to note the release of QRadar 7.5.0 Update Package 8 and added notes for several important items that apply to LUKS pre-installation checks, upgrade disk space requirements for /storetmp, and a post install requirement for administrators with HA appliances.
  • 4 November 2023: Initial release of the flash notice to alert administrators to a new upgrade requirement for future releases of QRadar SIEM that contain Red Hat Enterprise 8.
  • 5 December 2023: Resending the flash notice to remind users that QRadar Update Package 7 (any Interim Fix version) is required to update to QRadar 7.5.0 Update Package 8 when released. This upgrade path is a new requirement due to the Red Hat 8 OS update.
  • 15 December 2023: Adding information related to a known issue IJ49176/DT247083. QRadar Support is recommending administrators enable encryption on managed host before you begin an upgrade to 7.5.0 Update Package 7.

Summary

A new required upgrade path is being implemented for future QRadar software releases. Administrators who plan to upgrade to a QRadar version that includes Red Hat Enterprise 8 must first install QRadar 7.5.0 Update Package 7. This restriction is to ensure all of the required packages needed to transition to RHEL8 are available when users attempt to upgrade. An upgrade to QRadar 7.5.0 Update Package 7 is required for users who plan to go to 7.5.0 UP8 or later.


Important notices related to QRadar 7.5.0 Update Package 8
 
  • UP8 Upgrade check: Administrators must confirm if they have appliances that use LUKS encryption. During the 7.5.0 Update Package 8 upgrade, the installer will check systems and block the upgrade if the installer detects LUKS drive encryption. For more information, see QRadar: Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8.
  • UP8 Important Leapp disk space: Leapp pretests fail to ensure if the /storetmp directory has sufficient disk space to store the upgrade cache directory. You must ensure that all appliances have at minimum 10GB of space available in the /storetmp​​​​​​​ directory before you upgrade to 7.5.0 Update Package 8. For more information, see the QRadar 7.5.0 Update Package 8 release notes.
  • UP8 Important (new post-installation requirement for HA): Administrators with High Availability (HA) appliances in their deployment must complete a post-installation step that is new in QRadar 7.5.0 Update Package 8. After the update completes, you must complete the procedure outlined in DT365145.
  • UP8 Important: QRadar 7.5.0 Update Package 8 users with WinCollect 7 must update to the latest version. If you upgrade to QRadar 7.5.0 Update Package 8 and have WinCollect 7.x agents deployed in managed mode, you must install the WinCollect 7.3.1-43 SFS file as outlined in the WinCollect 7.3.1 P3 release notes.
  • UP7 Important: Administrators need to confirm their managed hosts are encrypted before you upgrade to QRadar 7.5.0 Update Package 7 to prevent a known issue with deploys documented as IJ49176/DT247083. QRadar Support is recommending administrators enable encryption on managed host before you begin an upgrade to 7.5.0 Update Package 7.

    For the full list of known issues and resolved issues, see the QRadar 7.5.0 Update Package 8 release notes.



Key dates
  • Red Hat Enterprise 7 maintenance ends: 30 June 2024
  • QRadar 7.5.0 Update Package 7 (RHEL 7) release date:  25 September 2023
  • QRadar 7.5.0 Update Package 8 (RHEL 8) release date: 25 March 2024

Why this notice is important

QRadar Support recommends users plan an upgrade to 7.5.0 Update Package 7 to ensure they are prepared for the next major release of QRadar that includes a RHEL8 OS upgrade. The requirement to install QRadar 7.5.0 Update Package 7 cannot be bypassed. Users who are not on QRadar 7.5.0 Update Package 7 are required to complete an upgrade to QRadar 7.5.0 Update Package 7 before you can install any SFS that contains a RHEL8 OS upgrade. The next major release of QRadar in development includes a RHEL8 OS update, which is 7.5.0 Update Package 8.

Benefits of upgrading
  • The most recent product and security fixes are delivered on QRadar 7.5.0 Update Package 7 Interim Fix releases.
  • Administrators who install QRadar 7.5.0 UP7 meet the baseline requirements to upgrade to a RHEL8 QRadar release.
  • Users waiting for fixes planned for future versions, such as QRadar 7.5.0 Update Package 8 or later are required to install 7.5.0 Update Package 7.
  • Upgrading to QRadar 7.5.0 Update Package 7 can prevents scenarios where administrators might be required to install back-to-back upgrades to get to a future software release.

Affected appliances

This technical note applies to QRadar SIEM administrators who need to upgrade to QRadar 7.5.0 Update Package 7 to prepare for the next major QRadar release. QRadar on Cloud administrators can ignore this technical note as upgrades are scheduled to apply QRadar 7.5.0 Update Package 7 in preparation for the RHEL8 OS update.
 

Upgrade path

QRadar SIEM deployment upgrade path. Product and security mitigations are provided on the latest interim fix for QRadar 7.5.0 Update Package 7. For most administrators, they can upgrade the QRadar 7.5.0 Update Package 7 release in preparation for the Red Hat Enterprise 8 update. Users on older QRadar versions can use the provided table to confirm their upgrade paths to prepare for a QRadar RHEL8 software release.
Current version (any of) Required upgrade 1 Required upgrade 2 Required upgrade 3
QRadar 7.5.0 Update Package 6
QRadar 7.5.0 Update Package 5
QRadar 7.5.0 Update Package 4
QRadar 7.5.0 Update Package 3
QRadar 7.5.0 Update Package 2
QRadar 7.5.0 Update Package 1
QRadar 7.5.0 GA
QRadar 7.5.0 Update Package 7
(Any interim fix version)
QRadar 7.5.0 Update Package 8
(Unreleased - In Development)
None

QRadar 7.4.3 Fix Pack 9
QRadar 7.4.3 Fix Pack 8
QRadar 7.4.3 Fix Pack 7
QRadar 7.4.3 Fix Pack 6
QRadar 7.4.3 Fix Pack 5
QRadar 7.4.3 Fix Pack 4
QRadar 7.4.3 Fix Pack 3
QRadar 7.4.3 Fix Pack 2
QRadar 7.4.3 Fix Pack 1
QRadar 7.4.3 GA
 
QRadar 7.5.0 Update Package 7
(Any interim fix version)
QRadar 7.5.0 Update Package 8
(Unreleased - In Development)
None
QRadar 7.3.2 Fix Pack 3 and later QRadar 7.5.0 Update Package 7
(Any interim fix version)
QRadar 7.5.0 Update Package 8
(Unreleased - In Development)
None
QRadar 7.3.0 GA to 7.3.2 Fix Pack 2 Install QRadar 7.4.1 Fix Pack 2 QRadar 7.5.0 Update Package 7
(Any interim fix version)
QRadar 7.5.0 Update Package 8
(Unreleased - In Development)
Note: For more information about QRadar releases, dates, and resolved issues, see QRadar Software 101.
Table 1: Example upgrade paths for QRadar SIEM administrators to install a RHEL8-based QRadar release. For direct links to release notes and software, see QRadar Software 101.
 

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtdAAA","label":"Upgrade"}],"Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0;and future releases"}]

Product Synonym

QRadar

Document Information

Modified date:
25 March 2024

UID

ibm17051316