Release Notes
Abstract
This document includes installation instructions and known issues for QRadar Network Packet Capture 7.5.0 Update Package 8 and Update Package 9 (Build 1510). You must have QRadar Network Packet Capture 7.5.0 Update Package 7 (Build 1509) to upgrade to this version.
Content
About this installation
Follow these instructions to upgrade your appliance to use QRadar Network Packet Capture 7.5.0 Update Package 8 and Update Package 9 (Build 1510).
What's New
- Admin user accounts grant access to all configuration options including Search.
- Monitor user accounts grant read-only view access to monitor the device and group status.
- Operator user accounts grant access to monitor and execute Search.
Known Issues
Before you install
- This procedure uses IBM's integrated management module (IMM). This interface must be available/configured to mount the ISO file to complete the update.
- This installation must be completed during a scheduled maintenance window. While the system is updating, Network Packet Captures are not recorded as services are not started.
- Ensure that you are logged in to the QRadar Network Packet Capture Appliance as an administrator.
- Your system meets the minimum hardware requirements.
- A keyboard and monitor are connected by using the VGA connection.
Important: If you have a stacked configuration of QRadar Network Packet Capture appliances, you must unstack your appliances before you can upgrade. Upgrade each appliance individually and then re-create the stack. Unstacking the appliances ensures that your data is preserved during the upgrade. You must also turn off Traffic Capture.
Completing the Installation
Required files for upgrade installation
Download the 7.5.0-QRadar-NetworkPCAP-Upgrade-1510.iso file from IBM Fix Central: https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=7.5.0&platform=Linux&function=fixId&fixids=7.5.0-QRadar-NETPCAP-Upgrade-1510&includeSupersedes=0&source=fc
Procedure
- Log in to the QRadar Network Packet Capture IMM interface by using your web browser.
- Click Remote Control.
- To start the Remote Control session, click Active X for Internet Explorer or Java for all other Browsers.
- Click Start Remote Control in Single User Mode.
NOTE: You should always use single user mode for remote connections for new installations or upgrades. - Verify that the Allow others to request my remote session disconnect checkbox is cleared. It is not recommended to allow other users to request the active session for firmware updates.
- From the menu, select Virtual Media > Activate.
- From the menu, select Virtual Media > Select Devices to Mount.
- From the Devices window, click Add Image.
- Select the QRadar Network Packet Capture image that was downloaded from Fix Central and click Open.
- Select the option with your ISO, and verify that the Mapped checkbox is selected.
- Click Mount Selected.
- Restart the appliance.
- When the splash menu is displayed, press <F12> Select Boot device.
(The upgrade process includes mounting the 7.5.0-QRadar-NetworkPCAP-Upgrade-1510.iso upgrade package image, and rebooting to the virtual drive. Then, select the Upgrade QRadarPCAP-7.5.0-150 option from the boot menu.) - In the Boot Devices Manager window, select CD/DVD and press enter to start the upgrade installation.
- Wait for the installation to complete.
(The upgrade process is completed in two phases. The first phase installs the necessary packages for the Leapp upgrade utility. Then, users are prompted to reboot the system.) - After the QRadar Network Packet Capture Appliance is updated, restart the appliance when prompted.
Installation wrap-up
- The installation is complete when the Leapp End of Report message is displayed.
- After the installation is completed, press the Enter or Return key to display the root prompt, and log in with your root credentials.
- Log in to IMM and select Virtual Media > Unmount All.
- Verify if the network interface retains its IP configuration by using
ifconfig
. If the IP configuration is not retained, run thenmtui
utility to reconfigure the network settings. - Log in to the QRadar Network Packet Capture web interface with administrative credentials and verify if the Traffic Capture option is still turned on in the ADMIN tab.
Was this topic helpful?
Document Information
Modified date:
13 August 2024
UID
ibm17158032