IBM Support

QRadar: Versions of the DSA utility required for my QRadar appliance

Troubleshooting


Problem

The optimal version of the DSA utility differs based Operating systems and appliance Model types. QRadar® 7.2.x uses a different build than QRadar 7.3.x.  M5 and M6 appliances require a higher version of the DSA to pull a full report, than M3 and M4 appliances. This technote lists the builds recommended for your base Operating System and Appliance type.

Cause

The DSA version that is preinstalled in QRadar, version 9.61, was built for System x M3 and M4 appliances running Red Hat Enterprise Linux 6.  The System x M5 appliances were introduced after the 9.61 DSA was available, so there may be some limitations to the information the 9.61 DSA is able to gather from M5 servers.
In addition, QRadar 7.3.0 introduced Red Hat Enterprise Linux 7. For the DSA to gather Linux configuration information and Linux log files, the DSA used must be designed for Red Hat Enterprise Linux 7.
The OneCLI tool was introduced with the M6 appliances. OneCLI is preinstalled in QRadar 7.4.0 Fix Pack 1 and includes a DSA app.

Environment

Overview

Dynamic System Analysis (DSA) for Lenovo x86 servers collects and analyzes system information to aid in diagnosing system problems. DSA collects information about the following aspects of a system:

  • System configuration
  • Installed applications and hot fixes
  • Device drivers and system services
  • Network interfaces and settings
  • Performance data and running process details
  • Hardware inventory, including PCI information
  • Vital product data and firmware information
  • SCSI device sense data
  • ServeRAID configuration
  • Application, system, security, ServeRAID, and service processor system event logs
  • Additionally, DSA creates a merged log that allows users to easily identify cause-and-effect relationships from different log sources in the system.
  • IMM Configuration information
  • IMM Enviromentals information
  • Option card driver and firmware information
  • Lightpath
  • FoD Activation Key

DSA Portable Edition expands to temporary space on the target system, runs, and deletes all intermediate files after execution completes. Its design and packaging allow it to collect system information in sensitive customer environments with only temporary use of system resources.

Diagnosing The Problem

If you use the wrong version of the DSA utility you might see a message similar to this displayed:

This system is not supported by this version of DSA. You might need to download an update for DSA to support this system.
Use the -? or -h parameter for more information about downloading updates.
Do you want to proceed anyway  (function may be limited)?   (Y/N) 


If you select YES (Y), the DSA utility can collect data; however, the information gathered by older versions might be limited.

Resolving The Problem

To resolve this issue:

  1. Using the table download the version of the DSA utility that is correct for your version of QRadar and Appliance type.
    DSA Versions
    QRadar Version Operating System Appliance Type DSA build Pre-Installed Download link
    QRadar 7.2.x RHEL 6 M3/M4 ibm_utl_dsa_dsyte1d-9.61_portable_rhel6_x86-64.bin Yes Included in /opt/qradar/support
    QRadar 7.2.x RHEL 6 M5+ lnvgy_utl_dsa_dsala7k-10.5_portable_rhel6_x86-64.bin No https://download.lenovo.com/servers/mig/2019/04/12/19994/lnvgy_utl_dsa_dsala7k-10.5_portable_rhel6_x86-64.bin
    QRadar 7.3.x
    QRadar 7.4.x
    RHEL 7 M3 ibm_utl_dsa_dsyte1d-9.61_portable_rhel7_x86-64.bin No ibm_utl_dsa_dsyte1d-9.61_portable_rhel7_x86-64.bin
    QRadar 7.3.x
    QRadar 7.4.x
    RHEL 7 M4/M5 lnvgy_utl_dsa_dsala7k-10.5_portable_rhel7_x86-64.bin No https://download.lenovo.com/servers/mig/2019/04/12/19995/lnvgy_utl_dsa_dsala7k-10.5_portable_rhel7_x86-64.bin
    QRadar 7.4.x RHEL 7 M6 lnvgy_utl_lxcer_onecli01w-2.7.0_rhel_x86-64.rpm Yes*
    Included in /opt/lenovo/lnvgy-utl-lxce-onecli/dsa

    *OneCLI was added in 7.4.0 Fix Pack 1. For 7.4.0 and earlier versions of QRadar, the current version of OneCLI can be downloaded here: Lenovo XClarity Essentials OneCLI. Look for the Linux RPM compatible with your QRadar deployment. For example: lnvgy_utl_lxcer_onecli01h-3.0.1_rhel_x86-64.rpm

  2. Do not delete the ibm_utl_dsa_dsyte1d-9.61_portable_rhel6_x86-64.bin file from /opt/qradar/support. An upgrade or patches might still require this file to be present.
  3. If the optimal DSA is not preinstalled, acquire and upload the recommended DSA utility to the host where you will be running it.
    1. Copy the DSA utility by using WinSCP or other SCP tool to the /opt/qradar/support/ directory on the Console.
    2. Using SCP move the DSA utility to the affected appliance:
      scp /opt/qradar/support/lnvgy_utl_dsa_<version>_rhel7_x86-64.bin <IP_of_Appliance>:/opt/qradar/support
    3. Set the permissions of the file to be executable, type:
      chmod 755 /opt/qradar/support/lnvgy_utl_dsa_<version>_rhel7_x86-64.bin
  4. If OneCLI is not installed,  acquire and upload the OneCLI utility to the host where you will be running it.
    1. Copy the OneCLI utility by using WinSCP or other SCP tool to the /tmp directory on the Console.
    2. Using SCP move the OneCLI utility to the affected appliance:
      scp /tmp/<DSA_build>_x86-64.bin <IP_of_Appliance>:/tmp/
    3. SSH to the host and use YUM to install the RPM:
      yum -y install /tmp/lnvgy_utl_lxcer_onecli<version>_rhel_x86-64.rpm
  5. Type the path and file name to run the DSA utility
    1. DSA: /opt/qradar/support/lnvgy_utl_dsa_<version>_rhel7_x86-64.bin
    2. OneCLI: /opt/lenovo/lnvgy-utl-lxce-onecli/dsa

The output location of the log will depend on which version is run:

  • 9.61 writes the log to: /var/log/IBM_Support/
  • 10.5 and OneCLI writes the log to: /var/log/Lenovo_Support/

Keep all of the DSA result files from the appliance, as they may be needed for future Hardware troubleshooting.
 

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2;7.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
25 February 2021

UID

ibm10719799