Hi Bruno,
you didn't tell me if these are new installations. If they are, then their DSM packages are most likely outdated even though you are patched to the latest.
Therefore, when auto-update checks your dsm packages versions, it finds a lot that needs to be updated. However, auto-update doesn't have the intelligence to verify dependencies and plan the best way to install the dsm, it only tries to install the latest packages. This way of working results in dependencies errors most of the time. Re-runing auto-update manually may fix your issue.
Although, you might fall in a dependency vicious circle. This happens when you have a few packages that depends on eachother, and none will install for this reason. In this case, you'll need to manually install an intermediate dsm packages, and order correctly the installation of the remaining dsm packages to get out of this vicious cirle. You can't use auto-update for this part. I've share a fix on a dependency loop issue here (it's a real example):
https://developer.ibm.com/answers/questions/481066/unable-to-install-protocol-amazonawsrestapi-73-201/. Note that some recent DSM in fix central are not pushed through auto-update immediately. It may take weeks after their release before they are automatically push to your system. Although, if you're years behind, then you may have a problem, However, I've seen dsm packages from 2016 that were ok. It all depends ;)
Another issue you might have is with your proxy server if you're using one to access internet. IBM has release a fix that solves this issue here. Although, I'm not sure if any of the 7.3.1 patches corrects this or if it's corrected in 7.3.2. For the fix, you'll see 7.3.x.
http://www-01.ibm.com/support/docview.wss?uid=swg22010655 You'll have to go through you auto-update logs to see if your connection hangs. If you're not too familiar with troubleshooting Qradar, I suggest you open a ticket with support.
I hope this helps a little.
Regards,
------------------------------
Anthony Gayadeen
------------------------------
Original Message:
Sent: 03-29-2019 04:35 AM
From: Bruno Oliveira
Subject: DSM Update Procedure does not work !?
Hi Anthony,
I haven't checked all the QRadar environments I have access to, but at least 7.3.1 last Patch and 7.3.2 (fresh install).
Regards,
Bruno
------------------------------
Bruno Oliveira
Original Message:
Sent: 03-28-2019 06:11 PM
From: Anthony Gayadeen
Subject: DSM Update Procedure does not work !?
Hi Bruno,
what version of Qradar are you working on right now. I might have an answer for you if it's a brand new install.
Regards,
------------------------------
Anthony Gayadeen
Original Message:
Sent: 03-28-2019 05:52 AM
From: Bruno Oliveira
Subject: DSM Update Procedure does not work !?
Hallo @Jonathan Pechta,
Thank you for your reply. This affects more DSMs. I can't really see any pattern here, but I had to manually update some DSMs. I can see that some have been updated, but others are still very old and I had to update them manually. Unfortunately, this is something I have seen with some systems running QRadar 7.3.1 and also 7.3.2. Some of our customers were affected as well as our Test-System. That's why I wrote my message to check, whether I had done something wrong or not. I will try to gather more information and put it here.
Thank you!
Regards,
Bruno
------------------------------
Bruno Oliveira
Original Message:
Sent: 03-27-2019 09:01 AM
From: Jonathan Pechta
Subject: DSM Update Procedure does not work !?
Bruno,
This is likely something that needs to be reviewed by QRadar Support. Is it just those two DSMs or are all behind per recent released on IBM Fix Central?
There could be multiple reasons why a specific DSM falls behind, such as a dependency check failure or missing an associated file. It could be that there is an issue with the SQLite database that tracks these changes or it could be due to a previous workaround applied by Support. There are a lot of moving parts related to auto update and we'd need to review the logs to determine what is causing the problem.
I would log in to the command line of the Console appliance and run:
/opt/qradar/bin/UpdateConfs.pl -ds runnow 1
That command manually runs the auto update from the command line and will regenerate any errors in the logs that can be helpful for troubleshooting. If you Collect Logs from the Admin tab > System & License Management (or use get_logs.sh) from the command line, you can submit them and we can take a look. You might also take a look at the update history and search for vmware or dhcp to see if a previous RPM file install issue was causing the future updates to not install as expected.
If you are concerned, get a case opened and we'll take a look at the logs. Just make sure that you run that command (wait 20 minutes), then it should be OK to get logs for your case.
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support Forums: ibm.biz/qradarforums
Original Message:
Sent: 03-26-2019 10:11 AM
From: Bruno Oliveira
Subject: DSM Update Procedure does not work !?
Hi,
I noticed that some events for some log sources are not being parsed correctly. For example, after we install QRadar. Therefore, we had to install those DSMs manually. It worked.
In the Auto Update Options we chose DSMs "Auto Install". However, we still see things like:
PROTOCOL-WindowsDHCPProtocol-7.3-20161017144311.noarch
or
DSM-VmWareVCenter-7.3-20171110162029.noarch
installed, even though there are new versions of them.
Why does this happen? I though this option would handle the update process covering DSMs.
Have I slipped up somewhere?
Thank you!
Regards,
Bruno
------------------------------
Bruno Oliveira
------------------------------