This article provides several ways to determine or monitor the status of a Deploy Change. There are two types of deploys administrators can complete in the user interface:
- Admin tab > Deploy Changes - An incremental deploy sends administrative changes to the managed hosts in the QRadar deployment and does not impact core services.
- Admin tab > Advanced > Deploy Full Configuration - This user interface option rebuilds the full configuration and restarts services on each managed host.
Diagnosing The Problem
As administrators make changes to QRadar, the user interface indicates whether the change requires a Deploy Changes (incremental) update or a Deploy Full Configuration. In most cases, you are required to deploy changes within QRadar; you may be required to issue a Deploy Change or Full Deploy command. As the deploy starts, a window displays the status of the deploy changes for all appliances.
Resolving The Problem
To verify the status of a deploy changes from the QRadar API:
1. Log in to the QRadar Console user interface as an administrator.
2. On the navigation menu, click Interactive API for Developers.
3. From the list, select the /staged_config/deploy_status endpoint.
4. Verify you are on the GET tab.
5. Click Try it Out.
The API is queried for the current deploy changes status. The details are displayed to administrators in the Response Body when the query completes. The following information is available to administrators about the current status of the deploy:
- initiated_by - String - The name of the user who initiated the deploy.
- initiated_from - String - The hostname from where the deploy was initiated.
- type - String - The type of deploy: FULL or INCREMENTAL.
- status - String - The status of the deploy: UNKNOWN, START, DONE.
- hosts - Map of < String, List of String > - A map of status states and a list of hosts.
- error_message - String - The deployment error message.
- has_errors - Boolean - True if the deploy encountered an error.
- percent_complete - Integer - The percentage of completion of the deploy. ( 0 - 100 )
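The fields listed above can be evaluated by a script rather than read from the interactive API page. The following is an added example, not IBM's code: it reduces a deploy_status response to a verdict and keeps the initiator fields for audit purposes. The /api URL prefix, the SEC token header, the host names, and the keys used in the sample hosts map are assumptions or constructed values.

```python
import json
import ssl
import urllib.request

def fetch_deploy_status(console, token):
    """GET the endpoint named in the article. The /api prefix and the SEC
    token header are assumptions about the console's REST conventions."""
    req = urllib.request.Request(
        f"https://{console}/api/staged_config/deploy_status",
        headers={"SEC": token, "Accept": "application/json"})
    ctx = ssl.create_default_context()  # keep certificate verification on
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)

def assess_deploy(status):
    """Reduce a deploy_status document to a (verdict, detail) pair."""
    who = (f"{status.get('type')} deploy by {status.get('initiated_by')} "
           f"from {status.get('initiated_from')}")
    # has_errors is checked first: a deploy can report DONE and still have failed.
    if status.get("has_errors"):
        return "FAILED", f"{who}: {status.get('error_message')}"
    state = status.get("status", "UNKNOWN")
    if state == "DONE":
        return "COMPLETE", who
    if state == "START":
        # hosts maps each status state to the hosts currently in that state;
        # empty states are dropped so only populated ones are reported.
        populated = {s: h for s, h in (status.get("hosts") or {}).items() if h}
        return "RUNNING", f"{who}: {status.get('percent_complete', 0)}% {populated}"
    return "UNKNOWN", who

# Constructed sample response (not captured from a real console).
SAMPLE = json.loads("""{
  "initiated_by": "admin", "initiated_from": "console.example.test",
  "type": "INCREMENTAL", "status": "START", "has_errors": false,
  "error_message": null, "percent_complete": 40,
  "hosts": {"Success": ["console.example.test"],
            "In Progress": ["ep1.example.test"],
            "Initiating Deployment": []}
}""")

if __name__ == "__main__":
    print(assess_deploy(SAMPLE))
```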
Non-administrators who have root access to the QRadar Console can watch the status of an ongoing deploy from the QRadar command line. The watch command can be used to monitor the logs in QRadar to view the status of a deploy.
- Using SSH, log in to the QRadar Console as the root user.
- To view the status of a deploy changes in progress or the status of the deploy, type:
watch -n2 'grep -i "" /store/tmp/status/deployment.*'
The command line displays the status from hosts as they report status. For example:
This information is also available in the QRadar logs. Users with root access can always review /var/log/qradar.log and /var/log/qradar.error for deploy messages, including successful deploys, by using the command:
grep -i deploy /var/log/qradar.error
Jul 25 13:44:08 ::ffff:IPADDRESS [tomcat.tomcat] [configservices@IPADDRESS (3367) /console/JSON-RPC System.setDeploymentStatus] com.q1labs.rpcservices.DeploymentServices: [INFO] [NOT:0000006000][220.127.116.11/- -] [-/- -]Host IPADDRESS sets the deploy status to Initiating Deployment
Jul 25 13:44:09 ::ffff:18.104.22.168 [hostcontext.hostcontext] [9baac345-711d-49b3-9607-145759a828e4/SequentialEventDispatcher] com.q1labs.hostcontext.configuration.ConfigChangeObserver: [INFO] [NOT:0000006000][22.214.171.124/- -] [-/- -]Setting deployment status to In Progress
Jul 25 13:53:34 ::ffff:126.96.36.199 [tomcat.tomcat] [email@example.com (7073) /console/JSON-RPC System.setDeploymentStatus] com.q1labs.rpcservices.DeploymentServices: [INFO] [NOT:0000006000][188.8.131.52/- -] [-/- -]Host 184.108.40.206 sets the deploy status to Success
08 January 2021