IBM QRadar

  • 1.  APAR IJ45284 Upgrading to 7.5.0 UP4 or greater and WinCollect 7.x Incompatibility

    Posted Wed April 05, 2023 03:10 PM

    QRadar: After upgrading to 7.5.0 UP4, WinCollect 7.x agents can experience management or configuration change errors (IJ45284) (ibm.com)

    Can you clarify that if we are currently on 7.5.0 UP3 IF3 and WinCollect 7.2.5-105 then we should perform the upgrade steps in the following order? I need to ensure that communication to the 7.2.5-105 agent will not be lost and can be established from the console to push out the upgrade for 7.3.1-28 to all agents from the QRadar console.

    1. Upgrade to 7.5.0 UP5
    2. Install the WinCollect 7.3.1-28 SFS file on the QRadar Console
    3. Enable the "Automatic Updates Enabled" setting on the QRadar console for each WinCollect Agent to be upgraded to 7.3.1-28
    4. Verify each WinCollect Agent has been upgraded to 7.3.1-28 (Admin tab > WinCollect)



    ------------------------------
    Joe Chaffin
    ------------------------------


  • 2.  RE: APAR IJ45284 Upgrading to 7.5.0 UP4 or greater and WinCollect 7.x Incompatibility

    Posted Thu April 06, 2023 06:54 PM

    Never mind. I see it listed in the Flash Notice. "If you plan to upgrade to QRadar 7.5.0 UP4 or later in the future, you must install WinCollect 7.3.1-28 after you update your Console appliance".



    ------------------------------
    Joe Chaffin
    ------------------------------



  • 3.  RE: APAR IJ45284 Upgrading to 7.5.0 UP4 or greater and WinCollect 7.x Incompatibility

    Posted Thu April 06, 2023 10:35 PM
    Edited by Jonathan Pechta Thu April 06, 2023 10:36 PM

    Correct. If you plan to upgrade to 7.5.0 UP5, you are required to upgrade any managed WinCollect agents from 7.2.5-105 to version 7.3.1-28. There was a Struts change that altered how agents can communicate, and the new 7.3.1-28 agents are updated for the code changes in 7.5.0 UP4 or UP5 and later.

    1. Download 7.5.0 Update Package 5 from IBM Fix Central. Tip: To get the SFS, you can wget or sftp the file from Fix Central to your Console. Make sure you put it in store/tmp or somewhere there is space.
    2. Optional, but recommended. Run a pre-test of the 7.5.0 UP5 SFS (-t option flag) on your Console. Note: This temporarily stops services, but does not install the upgrade.
    3. Upgrade the Console appliance. 
    4. Download and install WinCollect 7.3.1-28 SFS on the Console (Release notes 7.3.1-28).
    5. As you mention, verify you have automatic updates enabled on all agents Admin tab > WinCollect.
    6. Start upgrading your other QRadar managed hosts in the deployment (if not an All-in-One Console). 

    If you want to confirm agents are updated, you can use the UI, the QRadar Self-Analytics Monitoring content pack has a custom property for WinCollect agent version that you can use, or you can use WinCollectHealthCheck.sh for a list of agent versions from the CLI. The agents should start to update after the configuration polling interval timer triggers and the agent calls in for an update from the Console.



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------
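
The verification step discussed in this thread, as an added example that is not part of the original posts or of any IBM tooling: a POSIX shell check that flags agents still below 7.3.1-28 once the Console is on 7.5.0 UP4 or later. The "hostname version" input format, the sample inventory, and the function names are assumptions made for illustration; this is not the output format of WinCollectHealthCheck.sh.

```shell
#!/bin/sh
# Minimum agent version named in the thread for Consoles on 7.5.0 UP4 or later.
MIN_AGENT="7.3.1-28"

# ver_lt A B: succeed when WinCollect version A (major.minor.patch-build) is
# older than B. Fields are compared numerically, so build 28 sorts before
# build 105; a plain string comparison would get that wrong.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0   # A is older
            if (x[i] + 0 > y[i] + 0) exit 1   # A is newer
        }
        exit 1                                # equal, so not older
    }' </dev/null
}

# outdated_agents: read "hostname version" lines on stdin (assumed format)
# and print the agents that are still below MIN_AGENT.
outdated_agents() {
    while read -r host ver; do
        [ -n "$host" ] || continue            # skip blank lines
        case $host in \#*) continue ;; esac   # skip comment lines
        if ver_lt "$ver" "$MIN_AGENT"; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
}

# Constructed sample inventory. Hostnames are invented, and the versions
# other than 7.2.5-105 and 7.3.1-28 are made up to exercise the comparison.
SAMPLE_INVENTORY='# host version
dc01.example.test 7.2.5-105
fs02.example.test 7.3.1-28
ws17.example.test 7.3.0-41
app03.example.test 7.3.1-105'

printf '%s\n' "$SAMPLE_INVENTORY" | outdated_agents
```

Agents listed by the check have not yet picked up the update; per the reply above, they should update after the configuration polling interval triggers and the agent calls in to the Console.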