Question & Answer
Question
What extra steps need to be addressed when a change in the IP or any other network settings for an appliance that belongs to a High Availability (HA) environment?
Answer
Before any necessary networking changes by using supported methods, it is necessary to first remove both the required host (primary or secondary) from the deployment. The removal causes host reboots, services affectation, and functionalities while the host is down. The administrators are advised to schedule a maintenance window to run the steps in this technote.
Administrators are encouraged to read the QRadar High Availability guide, QRadar: High Availability FAQ and other available documentation to familiarize themselves with these deployments.
Note: For systems running QRadar 7.4.1 and older, the qchange_netsetup might report an error. For more details and remediations, refer to IJ31239: A CRITICAL ISSUE HAS BEEN IDENTIFIED IN /OPT/QRADAR/BIN/QCHANGE_NETSETUP.
Change network settings on a QRadar Console in High Availability
Administrators must choose between the following procedures depending on which host requires the network settings update.
- Change network settings on the Console's primary host
Note: This procedure causes full affectation in the deployment as all the managed hosts must be removed from the deployment before qchange_netsetup is run and the services in the Console are affected while qchange_netsetup runs. The administrators are advised to schedule a maintenance window to run the following steps.
- Log in to QRadar Console WebUI as an administrator user.
- On the navigation menu ( ), click Admin.
- On the navigation menu, click System Configuration.
- Click the System and License Management icon.
- In the Display drop-down menu, select Systems.
- Remove all managed hosts one by one in the deployment.
- Remove all HA hosts in the deployment (including the Console's HA host when exists). Follow the steps in the "Change network settings on a High Availability Secondary host" section in this technote.
Note: This procedure reboots the primary node to revert the changes done by the HA Setup and takes some time to complete. - Remove all stand-alone managed hosts in the deployment. Follow the steps in the "Change network settings on a stand-alone (primary) Managed host" section in this technote.
- On the navigation menu ( ), click Admin, and deploy changes.
- Repeat from step b to step c for each managed host in the deployment until the Console is the only host in the deployment.
- Remove all HA hosts in the deployment (including the Console's HA host when exists). Follow the steps in the "Change network settings on a High Availability Secondary host" section in this technote.
Result
The Console is ready to run qchange_netsetup to change the required network settings. Follow the steps in the "Procedure to run qchange_netsetup" section in this technote. - Change network settings on the Console's HA (Secondary) host
Follow the steps in the "Change network settings on a High Availability Secondary host" section in this technote.
Change network settings on a High Availability Secondary host
Note: This procedure reboots the primary node to revert the changes done by the HA Setup and takes some time to complete.
- Log in to QRadar Console WebUI as an administrator user.
- On the navigation menu ( ), click Admin.
- On the navigation menu, click System Configuration.
- Click the System and License Management icon.
- In the Display drop-down menu, select Systems.
- Select the HA Cluster with the host that requires the change.
- Ensure the primary host is Active and the secondary is on Standby.
Note: If they are not, refer to Troubleshooting QRadar® HA deployments. - From the toolbar, select High Availability, then Remove HA Host.
- Wait until the previous primary node reports back as Active in the System and License Management menu.
Results
The HA host is ready to run qchange_netsetup to change the required network settings. Follow the steps in the "Procedure to run qchange_netsetup" section in this technote.
Change network settings on a stand-alone (primary) Managed host
- Log in to QRadar Console WebUI as an administrator user.
- On the navigation menu ( ), click Admin.
- On the navigation menu, click System Configuration.
- Click the System and License Management icon.
- In the Display drop-down menu, select Systems.
- Select the HA Cluster with the host that requires the change.
- Remove the HA Host from the HA Cluster. Follow the steps in the "Change network settings on a High Availability Secondary host" section in this technote.
- From the toolbar, select Deployment Actions, then click Remove Host.
- Click OK.
- On the navigation menu ( ), click Admin, and Deploy changes.
- Wait until the deploy changes process completes.
Result
The appliance is removed from the environment and becomes an unmanaged host ready to run qchange_netsetup to change the required network settings. Follow the steps in the "Procedure to run qchange_netsetup" section in this technote.
The appliance is removed from the environment and becomes an unmanaged host ready to run qchange_netsetup to change the required network settings. Follow the steps in the "Procedure to run qchange_netsetup" section in this technote.
Procedure to run qchange_netsetup
- Connect directly to the appliance as the root user and start a console connection.
- Out-of-band management approach. Log in to the IMM or XCC WebUI or equivalent (KVM, iDRAC, etc) and click Remote Control.
Note: Integrated Management Module (IMM) is present only on QRadar® M3, M4, and M5 appliances. QRadar® M6 appliances use XClarity Controller (XCC) instead. - Local approach. Connect a local monitor keyboard and mouse to the appliance.
- Out-of-band management approach. Log in to the IMM or XCC WebUI or equivalent (KVM, iDRAC, etc) and click Remote Control.
- Run qchange_netsetup from the command prompt.
- Follow the prompts on the screen to change all required network settings.
- Wait until the process finishes.
Result
Required network settings are updated.
Add managed hosts back to the deployment
- Log in to QRadar Console WebUI as an administrator user.
- On the navigation menu ( ), click Admin.
- On the navigation menu, click System Configuration.
- Click the System and License Management icon.
- In the Display drop-down menu, select Systems.
- From the toolbar, select Deployment Actions, then click Add Host.
- Add the required information.
- Click OK.
- On the navigation menu ( ), click Admin, and Deploy changes.
Result
After the action completes successfully, the add host is back to the deployment and contributes to the deployment with its capabilities.
Add HA host back to the deployment
Note: This procedure reboots the primary node to enable the changes done by the HA Setup and takes some time to complete.
- Log in to QRadar Console WebUI as an administrator user.
- On the navigation menu ( ), click Admin.
- On the navigation menu, click System Configuration.
- Click the System and License Management icon.
- In the Display drop-down menu, select Systems.
- From the toolbar, select High Availability, then Add HA Host.
- Add the required information.
- Click Finish.
Result
After the action completes successfully, which will take some time, the host is added back to the deployment with HA and starts the synchronization process.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtXAAQ","label":"High Availability"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
14 April 2022
UID
swg21989204