This article provides several ways to determine or monitor the status of a deployment change. There are two types of deploys administrators can complete in the user interface:
Admin tab > Deploy Changes - An incremental deploy sends administrative changes to the managed hosts in the QRadar deployment and does not impact core services.
Admin tab > Advanced > Deploy Full Configuration - This user interface option rebuilds the full configuration and restarts services on each managed host.
Diagnosing The Problem
As administrators make changes to QRadar, the user interface defines whether the change requires a deployment changes (incremental) update or a Deploy Full Configuration. In most cases, you are required to deploy changes within the QRadar, but you might be required to issue a Deploy Change or Full Deploy command. As the deployment starts, a window displays the status of the deployment changes for all appliances.
Resolving The Problem
Log in to QRadar Console user interface as an administrator.
On the navigation menu, click Interactive API for Developers.
From the list, select the /staged_config/deploy_status endpoint.
Verify you are on the GET tab.
Click Try it Out.
The API is queried for the current deployment changes status. The details are displayed to administrators in the Response Body when the query completes. The following information is available to administrators about the status of the deployment:
- initiated_by - String - The name of the user who initiated the deployment.
- initiated_from - String - The hostname from where the deployment was initiated.
- type - String - The type of deployment: FULL or INCREMENTAL.
- status - String - The status of the deployment: UNKNOWN, START, DONE.
- hosts - Map of < String, List of String > - A map of status states and a list of hosts.
- error_message - String - The deployment error message.
- has_errors - Boolean - True if the deployment encountered an error.
- percent_complete - Integer - The percentage of completion of the deployment. (0-100)
Non-administrators can watch the status of a deployment that is on-going from the QRadar command line for those users who have root access to the QRadar Console.
The watch command can be used to monitor the logs in QRadar to view the status of a deployment.
- Using SSH, log in to the QRadar console as the root user.
- To view the status of a deployment changes in progress or the status of the deployment, type:
watch -n2 'grep -i "" /store/tmp/status/deployment.*'
The command line displays the status from hosts as they report status.
cat /var/log/qradar.error | grep -i deploy
::ffff:X.X.X.X [tomcat.tomcat] [configservices@IPADDRESS (3367) /console/JSON-RPC System.setDeploymentStatus] com.q1labs.rpcservices.DeploymentServices: [INFO] [NOT:0000006000][X.X.X.X/- -] [-/- -]Host IPADDRESS sets the deploy status to Initiating Deployment ::ffff:X.X.X.X [hostcontext.hostcontext] [9baac345-711d-49b3-9607-145759a828e4/SequentialEventDispatcher] com.q1labs.hostcontext.configuration.ConfigChangeObserver: [INFO] [NOT:0000006000][X.X.X.X/- -] [-/- -]Setting deployment status to In Progress ::ffff:X.X.X.X [tomcat.tomcat] [configservices@X.X.X.X (7073) /console/JSON-RPC System.setDeploymentStatus] com.q1labs.rpcservices.DeploymentServices: [INFO] [NOT:0000006000][X.X.X.X/- -] [-/- -]Host X.X.X.X sets the deploy status to Success
Was this topic helpful?
05 January 2023